[Bug 1602813] Re: openvpn-auth-ldap causing segfault on network timeout

Andreas Hasenack andreas at canonical.com
Mon Jun 19 17:04:03 UTC 2017


The code was just checking for a -1 return value, which means "something
bad", and missed the timeout case. Since we missed the timeout return
value, the followupcheck for the LDAP_TIMEOUT err was never reached:

-	if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
+	if (ldap_result(ldapConn, msgid, 1, &timeout, &res) <= 0) {
 		err = ldap_get_errno(ldapConn);
 		if (err == LDAP_TIMEOUT)


The function's "result" *parameter* can't be used in any case:

       int ldap_result( LDAP *ld, int msgid, int all,
            struct timeval *timeout, LDAPMessage **result );

"Upon  success, the type of the result received is returned and the
result parameter will contain the result of the operation; otherwise,
the result parameter is undefined."

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1602813

Title:
  openvpn-auth-ldap causing segfault on network timeout

Status in openvpn-auth-ldap package in Ubuntu:
  In Progress
Status in openvpn-auth-ldap package in Debian:
  New

Bug description:
  Description:    Ubuntu 14.04.4 LTS
  Release:        14.04

  openvpn-auth-ldap=2.0.3-5.1

  There is a timeout bug in the openvpn-auth-ldap package that causes
  OpenVPN to crash when the network timeout is exceeded.

  The openvpn-auth-ldap plugin is not correctly checking the error codes
  from ldap_result. As a result, it is not catching timeouts, and
  proceeds as if ldap_result was successful. This results in a segfault
  when access to the result (which is set to Null) is attempted.

  You can see this bug referenced here:

  https://github.com/threerings/openvpn-auth-ldap/issues/11

  And a fix mentioned here:

  https://github.com/threerings/openvpn-auth-ldap/pull/53

  The above patch is not compatible with the source provided with 14.04,
  so I have updated the patch to work with the 14.04 source. I have
  provided it below.

  I would appreciate if a package with the fix could be released.

  -Aaron Peschel

  Index: openvpn-auth-ldap/src/LFLDAPConnection.m
  ===================================================================
  --- openvpn-auth-ldap.orig/src/LFLDAPConnection.m       2016-07-12
  23:24:14.710216000 +0000
  +++ openvpn-auth-ldap/src/LFLDAPConnection.m    2016-07-12
  23:24:48.394216000 +0000
  @@ -175,7 +175,7 @@
          /* Wait for the result */
          timeout.tv_sec = _timeout;
          timeout.tv_usec = 0;
  -       if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
  +       if (ldap_result(ldapConn, msgid, 1, &timeout, &res) <= 0) {
                  err = ldap_get_errno(ldapConn);
                  if (err == LDAP_TIMEOUT)
                          ldap_abandon_ext(ldapConn, msgid, NULL, NULL);
  @@ -383,7 +383,7 @@
          }

          /* Wait for the result */
  -       if (ldap_result(ldapConn, msgid, 1, &timeout, &res) == -1) {
  +       if (ldap_result(ldapConn, msgid, 1, &timeout, &res) <= 0) {
                  err = ldap_get_errno(ldapConn);
                  if (err == LDAP_TIMEOUT)
                          ldap_abandon_ext(ldapConn, msgid, NULL, NULL);

  ProblemType: Crash
  DistroRelease: Ubuntu 14.04
  Package: openvpn 2.3.2-7ubuntu3.1
  ProcVersionSignature: Ubuntu 3.13.0-74.118-generic 3.13.11-ckt30
  Uname: Linux 3.13.0-74-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.21
  Architecture: amd64
  AssertionMessage: openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed.
  Date: Tue Jul 12 21:35:10 2016
  Ec2AMI: ami-9abea4fb
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-west-2c
  Ec2InstanceType: t2.small
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  ExecutablePath: /usr/sbin/openvpn
  ProcCmdline: /usr/sbin/openvpn --writepid /run/openvpn/foxpass.pid --daemon ovpn-foxpass --cd /etc/openvpn --config /etc/openvpn/foxpass.conf --script-security 2
  ProcEnviron:
   TERM=screen-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
  Signal: 6
  SourcePackage: openvpn
  StacktraceTop:
   __assert_fail_base (fmt=0x7f3cd7f203b8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion at entry=0x7f3cd796d9bd "res != ((void *)0)", file=file at entry=0x7f3cd796e100 "sasl.c", line=line at entry=257, function=function at entry=0x7f3cd796e3e0 "ldap_parse_sasl_bind_result") at assert.c:92
   __GI___assert_fail (assertion=0x7f3cd796d9bd "res != ((void *)0)", file=0x7f3cd796e100 "sasl.c", line=257, function=0x7f3cd796e3e0 "ldap_parse_sasl_bind_result") at assert.c:101
   ldap_parse_sasl_bind_result () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
   ?? () from /usr/lib/openvpn/openvpn-auth-ldap.so
   connect_ldap () from /usr/lib/openvpn/openvpn-auth-ldap.so
  Title: openvpn assert failure: openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed.
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn-auth-ldap/+bug/1602813/+subscriptions



More information about the Ubuntu-sponsors mailing list