New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segfault in openldap while using ldaps #6676
Comments
I can reproduce with 24f850f on OpenBSD-current
|
I did some investigation on it and it turns out that the following line tries to access an item from a NULL pointer: struct ldapconninfo *li = conn->proto.ldapc; The problem is that conn (data->conn) is NULL. However data itself is set, just not conn. I might find time to write a patch for it this weekend but I can't promise anything. Will post more updates regarding it soon. |
I chased this down too and IMHO it's not as simple as it looks: See #6518 (comment), #6446 (comment) and f2f91ac. |
Okay I spent some time this morning inspecting it but I see myself unable to do it unfortunately. The problem is indeed much bigger |
@bagder : thanks for fix. This effectively suppresses the segfault, but I wonder if the way it's done would'nt close the connection prematurely with regards to the LDAP protocol. I did not check, but the unbindRequest is probably not transmitted. |
(This doesn't just suppress the segfault, it fixes the function to use the correct pointer and only use it if it is (still) valid.) That's a slightly different but possibly still important issue: since the connection is already gone when The only proper way we can get this in order is to introduce an LDAP test server to the test suite and a few tests to make sure that curl speaks the protocol correctly. Easier said than done. |
It seems you set the pointer to NULL: in ldap_disconnect:
I already dreamed of it: that's another story! |
Yes, because when we disconnect LDAP there is no longer any transfer associated to it... |
Sure, but we're still having a (dummy?) I had good results trying the following method:
Hacky-tricky, but it seems to work. I can provide a PR if you like it. |
But I was slightly wrong. The connection is actually still associated with the transfer when diff --git a/lib/openldap.c b/lib/openldap.c
index 066c0fd73..c80ac8b07 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -369,11 +369,11 @@ static CURLcode ldap_disconnect(struct Curl_easy *data,
if(li) {
if(li->ld) {
Sockbuf *sb;
ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb);
- ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, NULL);
+ ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data);
ldap_unbind_ext(li->ld, NULL, NULL);
li->ld = NULL;
}
conn->proto.ldapc = NULL;
free(li); |
see #6787 |
I tried that alone, but it does not work, since data->conn is NULL. |
For the original |
|
Yes, you're right. I just tried #6787 with removals of null tests in tls io functions and it works. I think we've finally got it. Thanks. |
I did this
curl -k --cert-type P12 --cert mycert.p12:password 'ldaps://localhost/?supportedSASLMechanisms?base?(objectclass=*)'
After correct output, curl segfaults while in
ldap_unbind_ext
called byldap_disconnect
.This is the
ldapsb_tls
problem we shortly discussed at #6518 (comment) and is related to theconn->data
removal.I expected the following
Clean termination
curl/libcurl version
curl 7.76.0-DEV (x86_64-pc-linux-gnu) libcurl/7.76.0-DEV OpenSSL/1.1.1i-fips zlib/1.2.11 brotli/1.0.9 zstd/1.4.7 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) iconv libssh/0.9.5/openssl/zlib nghttp2/1.43.0 librtmp/2.3 libgsasl/1.8.1
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli CharConv Debug gsasl GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP TrackMemory UnixSockets zstd
operating system
Linux patrick.monnerat 5.10.18-200.fc33.x86_64 #1 SMP Tue Feb 23 22:06:05 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: