[Bug 1602813] Re: openvpn-auth-ldap causing segfault on network timeout
ChristianEhrhardt
1602813 at bugs.launchpad.net
Mon Jun 19 15:07:36 UTC 2017
Reviewed and discussed - changes are good.
Andreas will add the steps to reproduce he already added to the Debian bug.
I'll test on my own and then likely sponsor the upload if nothing breaks
on that.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1602813
Title:
openvpn-auth-ldap causing segfault on network timeout
Status in openvpn-auth-ldap package in Ubuntu:
In Progress
Status in openvpn-auth-ldap package in Debian:
New
Bug description:
Description: Ubuntu 14.04.4 LTS
Release: 14.04
openvpn-auth-ldap=2.0.3-5.1
There is a timeout bug in the openvpn-auth-ldap package that causes
OpenVPN to crash when the network timeout is exceeded.
The openvpn-auth-ldap plugin is not correctly checking the error codes
from ldap_result. As a result, it is not catching timeouts, and
proceeds as if ldap_result was successful. This results in a segfault
when access to the result (which is set to Null) is attempted.
You can see this bug referenced here:
https://github.com/threerings/openvpn-auth-ldap/issues/11
And a fix mentioned here:
https://github.com/threerings/openvpn-auth-ldap/pull/53
The above patch is not compatible with the source provided with 14.04,
so I have updated the patch to work with the 14.04 source. I have
provided it below.
I would appreciate if a package with the fix could be released.
-Aaron Peschel
Index: openvpn-auth-ldap/src/LFLDAPConnection.m
===================================================================
--- openvpn-auth-ldap.orig/src/LFLDAPConnection.m 2016-07-12
23:24:14.710216000 +0000
+++ openvpn-auth-ldap/src/LFLDAPConnection.m 2016-07-12
23:24:48.394216000 +0000
@@ -175,7 +175,7 @@
/* Wait for the result */
timeout.tv_sec = _timeout;
timeout.tv_usec = 0;
- if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) <= 0) {
err = ldap_get_errno(ldapConn);
if (err == LDAP_TIMEOUT)
ldap_abandon_ext(ldapConn, msgid, NULL, NULL);
@@ -383,7 +383,7 @@
}
/* Wait for the result */
- if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
+ if (ldap_result(ldapConn, msgid, 1, &timeout, &res) <= 0) {
err = ldap_get_errno(ldapConn);
if (err == LDAP_TIMEOUT)
ldap_abandon_ext(ldapConn, msgid, NULL, NULL);
ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: openvpn 2.3.2-7ubuntu3.1
ProcVersionSignature: Ubuntu 3.13.0-74.118-generic 3.13.11-ckt30
Uname: Linux 3.13.0-74-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
AssertionMessage: openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed.
Date: Tue Jul 12 21:35:10 2016
Ec2AMI: ami-9abea4fb
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-west-2c
Ec2InstanceType: t2.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ExecutablePath: /usr/sbin/openvpn
ProcCmdline: /usr/sbin/openvpn --writepid /run/openvpn/foxpass.pid --daemon ovpn-foxpass --cd /etc/openvpn --config /etc/openvpn/foxpass.conf --script-security 2
ProcEnviron:
TERM=screen-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
Signal: 6
SourcePackage: openvpn
StacktraceTop:
__assert_fail_base (fmt=0x7f3cd7f203b8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion at entry=0x7f3cd796d9bd "res != ((void *)0)", file=file at entry=0x7f3cd796e100 "sasl.c", line=line at entry=257, function=function at entry=0x7f3cd796e3e0 "ldap_parse_sasl_bind_result") at assert.c:92
__GI___assert_fail (assertion=0x7f3cd796d9bd "res != ((void *)0)", file=0x7f3cd796e100 "sasl.c", line=257, function=0x7f3cd796e3e0 "ldap_parse_sasl_bind_result") at assert.c:101
ldap_parse_sasl_bind_result () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
?? () from /usr/lib/openvpn/openvpn-auth-ldap.so
connect_ldap () from /usr/lib/openvpn/openvpn-auth-ldap.so
Title: openvpn assert failure: openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed.
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn-auth-ldap/+bug/1602813/+subscriptions
More information about the Ubuntu-sponsors
mailing list