Segmentation fault ssl23_connect()

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Segmentation fault ssl23_connect()

sanjaya joshi
Hello,

I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to external LDAP server. The used openssl version is 1.0.2k.

While establishing the secure connection from client, i observe the following segmentation fault occasionally (Not always reproducible).

Any pointers please ?

"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/opt/nsn/pac_bor_qx_e1/bin/border'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
(gdb) bt
#0  0x00007fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
#1  0x00007fd6b3495516 in ssl23_connect () from /usr/lib64/libssl.so.1.0.0
#2  0x00007fd6b7d2d6cf in ldap_int_tls_connect (ld=0x7fd6880486d0, conn=0x7fd68802d9e0) at tls.c:805
#3  0x00007fd6b7d2ece0 in ldap_int_tls_start (ld=0x7fd6880486d0, conn=0x7fd68802d9e0, srv=0x0) at tls.c:1511
#4  0x00007fd6b7d2f6e9 in ldap_install_tls (ld=0x7fd6880486d0) at tls.c:1935
#5  0x00007fd6bb46c6c1 in open_connection_as (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389, client_access=0,
    user_dn=0x7fd6880543c8 "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
    user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838, network_timeout=5000, request_id=0x7fd6962d144c,
    error_string=0x7fd6962d1440, isSecure=2, cacertFile=0x7fd688048bf8 "/etc/certs/cacert.pem",
    ciphers=0x7fd68805e138 "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA", reqCert=0x7fd6962d2558) at ../src/api.c:1048
#6  0x00007fd6bb46ca97 in open_secure_connection_starttls_request (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389,
    client_access=0, user_dn=0x7fd6880543c8 "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
    user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838, network_timeout=5000, request_id=0x7fd6962d144c,
    error_string=0x7fd6962d1440, cacertFile=0x7fd688048bf8 "/etc/certs/cacert.pem",
    ciphers=0x7fd68805e138 "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA", reqCert=0x7fd6962d2558) at ../src/api.c:1258
#7  0x00007fd6b9c899c8 in tryConnectExtLdap (host=0x7fd68805de90 "10.55.433.1", port=389,
    binddn=0x7fd6962d3380 "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net", pwd=0x7fd6962d3c70 "saaadh45sks",
    _extHandle=@0x7fd6962d2838: 0x7fd6880486d0, peopledn=0x7fd6880495b0 "ou=people,ou=accounts,dc=sasa,dc=test,dc=net", secureMode=0,
    cacertFile=..., ciphers=..., reqCert=5, timeout_ms=5000)
    at ../../src/acct.cpp:1694
#8  0x00007fd6b9c88df1 in validate_account (accountName=0x7fd6962d3380 "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
    accountPassword=0x7fd6962d3c70 "saaadh45sks") at ../../src/acct.cpp:1623
#9  0x0000000000479d3a in set_acc (userName=userName@entry=0x7fd6962d3870 "user1",
    password=password@entry=0x7fd6962d3c70 "saaadh45sks") at ../src/borfunc_cou.c:4066
#10 0x000000000045217b in _71571_2 (_T=0x42907000) at ../src/bor7qxqx.sdl:600
#11 0x000000000044fd45 in _s71571_ACTIVE (_T=<optimized out>) at _Sborha7ACTIVE.c:33
#12 0x00007fd6b6ec8a65 in call_transition (msg=0x7fd6bc0d8948, process=96)
    at /home/core/threadmain.c:656
#13 call_transition_with_fatal_sig_catching (thread=<optimized out>, thread@entry=0x25d7d90, process=process@entry=96,
    msg=msg@entry=0x7fd6bc0d8948) at /home/core/threadmain.c:669
#14 0x00007fd6b6ec9499 in execute_user_code (msg=0x7fd6bc0d8948, process=96, thread=0x25d7d90)
    at /home/core/threadmain.c:687
#15 exec_main_loop (thread=0x25d7d90) at /home/core/threadmain.c:882
#16 thread_context_main (arg=<optimized out>) at /home/core/threadmain.c:592
#17 0x00007fd6b64f2f50 in ?? () from /lib64/libc.so.6
#18 0x0000000000000000 in ?? ()
(gdb)
"

Regards,
Sanjaya

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Segmentation fault ssl23_connect()

Matt Caswell-2


On 16/04/17 20:17, Sanjaya Joshi wrote:

> Hello,
>
> I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to
> external LDAP server. The used openssl version is 1.0.2k.
>
> While establishing the secure connection from client, i observe the
> following segmentation fault occasionally (Not always reproducible).
>
> Any pointers please ?
>

Are you able to compile openssl with debug symbols? That's not a lot to
go on.

Matt

> "
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `/opt/nsn/pac_bor_qx_e1/bin/border'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> (gdb) bt
> #0  0x00007fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> #1  0x00007fd6b3495516 in ssl23_connect () from /usr/lib64/libssl.so.1.0.0
> #2  0x00007fd6b7d2d6cf in ldap_int_tls_connect (ld=0x7fd6880486d0,
> conn=0x7fd68802d9e0) at tls.c:805
> #3  0x00007fd6b7d2ece0 in ldap_int_tls_start (ld=0x7fd6880486d0,
> conn=0x7fd68802d9e0, srv=0x0) at tls.c:1511
> #4  0x00007fd6b7d2f6e9 in ldap_install_tls (ld=0x7fd6880486d0) at tls.c:1935
> #5  0x00007fd6bb46c6c1 in open_connection_as
> (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389, client_access=0,
>     user_dn=0x7fd6880543c8
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
>     user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> network_timeout=5000, request_id=0x7fd6962d144c,
>     error_string=0x7fd6962d1440, isSecure=2, cacertFile=0x7fd688048bf8
> "/etc/certs/cacert.pem",
>     ciphers=0x7fd68805e138
> "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> reqCert=0x7fd6962d2558) at ../src/api.c:1048
> #6  0x00007fd6bb46ca97 in open_secure_connection_starttls_request
> (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389,
>     client_access=0, user_dn=0x7fd6880543c8
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
>     user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> network_timeout=5000, request_id=0x7fd6962d144c,
>     error_string=0x7fd6962d1440, cacertFile=0x7fd688048bf8
> "/etc/certs/cacert.pem",
>     ciphers=0x7fd68805e138
> "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> reqCert=0x7fd6962d2558) at ../src/api.c:1258
> #7  0x00007fd6b9c899c8 in tryConnectExtLdap (host=0x7fd68805de90
> "10.55.433.1", port=389,
>     binddn=0x7fd6962d3380
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> pwd=0x7fd6962d3c70 "saaadh45sks",
>     _extHandle=@0x7fd6962d2838: 0x7fd6880486d0, peopledn=0x7fd6880495b0
> "ou=people,ou=accounts,dc=sasa,dc=test,dc=net", secureMode=0,
>     cacertFile=..., ciphers=..., reqCert=5, timeout_ms=5000)
>     at ../../src/acct.cpp:1694
> #8  0x00007fd6b9c88df1 in validate_account (accountName=0x7fd6962d3380
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
>     accountPassword=0x7fd6962d3c70 "saaadh45sks") at ../../src/acct.cpp:1623
> #9  0x0000000000479d3a in set_acc
> (userName=userName@entry=0x7fd6962d3870 "user1",
>     password=password@entry=0x7fd6962d3c70 "saaadh45sks") at
> ../src/borfunc_cou.c:4066
> #10 0x000000000045217b in _71571_2 (_T=0x42907000) at
> ../src/bor7qxqx.sdl:600
> #11 0x000000000044fd45 in _s71571_ACTIVE (_T=<optimized out>) at
> _Sborha7ACTIVE.c:33
> #12 0x00007fd6b6ec8a65 in call_transition (msg=0x7fd6bc0d8948, process=96)
>     at /home/core/threadmain.c:656
> #13 call_transition_with_fatal_sig_catching (thread=<optimized out>,
> thread@entry=0x25d7d90, process=process@entry=96,
>     msg=msg@entry=0x7fd6bc0d8948) at /home/core/threadmain.c:669
> #14 0x00007fd6b6ec9499 in execute_user_code (msg=0x7fd6bc0d8948,
> process=96, thread=0x25d7d90)
>     at /home/core/threadmain.c:687
> #15 exec_main_loop (thread=0x25d7d90) at /home/core/threadmain.c:882
> #16 thread_context_main (arg=<optimized out>) at /home/core/threadmain.c:592
> #17 0x00007fd6b64f2f50 in ?? () from /lib64/libc.so.6
> #18 0x0000000000000000 in ?? ()
> (gdb)
> "
>
> Regards,
> Sanjaya
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Segmentation fault ssl23_connect()

sanjaya joshi
Thanks. I'll try that. 

Regards, 
Sanjaya 

On 18 Apr 2017 15:27, "Matt Caswell" <[hidden email]> wrote:


On 16/04/17 20:17, Sanjaya Joshi wrote:
> Hello,
>
> I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to
> external LDAP server. The used openssl version is 1.0.2k.
>
> While establishing the secure connection from client, i observe the
> following segmentation fault occasionally (Not always reproducible).
>
> Any pointers please ?
>

Are you able to compile openssl with debug symbols? That's not a lot to
go on.

Matt

> "
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `/opt/nsn/pac_bor_qx_e1/bin/border'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> (gdb) bt
> #0  0x00007fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> #1  0x00007fd6b3495516 in ssl23_connect () from /usr/lib64/libssl.so.1.0.0
> #2  0x00007fd6b7d2d6cf in ldap_int_tls_connect (ld=0x7fd6880486d0,
> conn=0x7fd68802d9e0) at tls.c:805
> #3  0x00007fd6b7d2ece0 in ldap_int_tls_start (ld=0x7fd6880486d0,
> conn=0x7fd68802d9e0, srv=0x0) at tls.c:1511
> #4  0x00007fd6b7d2f6e9 in ldap_install_tls (ld=0x7fd6880486d0) at tls.c:1935
> #5  0x00007fd6bb46c6c1 in open_connection_as
> (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389, client_access=0,
>     user_dn=0x7fd6880543c8
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
>     user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> network_timeout=5000, request_id=0x7fd6962d144c,
>     error_string=0x7fd6962d1440, isSecure=2, cacertFile=0x7fd688048bf8
> "/etc/certs/cacert.pem",
>     ciphers=0x7fd68805e138
> "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> reqCert=0x7fd6962d2558) at ../src/api.c:1048
> #6  0x00007fd6bb46ca97 in open_secure_connection_starttls_request
> (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389,
>     client_access=0, user_dn=0x7fd6880543c8
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
>     user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> network_timeout=5000, request_id=0x7fd6962d144c,
>     error_string=0x7fd6962d1440, cacertFile=0x7fd688048bf8
> "/etc/certs/cacert.pem",
>     ciphers=0x7fd68805e138
> "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> reqCert=0x7fd6962d2558) at ../src/api.c:1258
> #7  0x00007fd6b9c899c8 in tryConnectExtLdap (host=0x7fd68805de90
> "10.55.433.1", port=389,
>     binddn=0x7fd6962d3380
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> pwd=0x7fd6962d3c70 "saaadh45sks",
>     _extHandle=@0x7fd6962d2838: 0x7fd6880486d0, peopledn=0x7fd6880495b0
> "ou=people,ou=accounts,dc=sasa,dc=test,dc=net", secureMode=0,
>     cacertFile=..., ciphers=..., reqCert=5, timeout_ms=5000)
>     at ../../src/acct.cpp:1694
> #8  0x00007fd6b9c88df1 in validate_account (accountName=0x7fd6962d3380
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
>     accountPassword=0x7fd6962d3c70 "saaadh45sks") at ../../src/acct.cpp:1623
> #9  0x0000000000479d3a in set_acc
> (userName=userName@entry=0x7fd6962d3870 "user1",
>     password=password@entry=0x7fd6962d3c70 "saaadh45sks") at
> ../src/borfunc_cou.c:4066
> #10 0x000000000045217b in _71571_2 (_T=0x42907000) at
> ../src/bor7qxqx.sdl:600
> #11 0x000000000044fd45 in _s71571_ACTIVE (_T=<optimized out>) at
> _Sborha7ACTIVE.c:33
> #12 0x00007fd6b6ec8a65 in call_transition (msg=0x7fd6bc0d8948, process=96)
>     at /home/core/threadmain.c:656
> #13 call_transition_with_fatal_sig_catching (thread=<optimized out>,
> thread@entry=0x25d7d90, process=process@entry=96,
>     msg=msg@entry=0x7fd6bc0d8948) at /home/core/threadmain.c:669
> #14 0x00007fd6b6ec9499 in execute_user_code (msg=0x7fd6bc0d8948,
> process=96, thread=0x25d7d90)
>     at /home/core/threadmain.c:687
> #15 exec_main_loop (thread=0x25d7d90) at /home/core/threadmain.c:882
> #16 thread_context_main (arg=<optimized out>) at /home/core/threadmain.c:592
> #17 0x00007fd6b64f2f50 in ?? () from /lib64/libc.so.6
> #18 0x0000000000000000 in ?? ()
> (gdb)
> "
>
> Regards,
> Sanjaya
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Segmentation fault ssl23_connect()

Michael Ströder
In reply to this post by sanjaya joshi
Sanjaya Joshi wrote:
> I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to external LDAP
> server. The used openssl version is 1.0.2k.

I'm not sure whether OpenSSL 1.0.2k is even usable with this ancient OpenLDAP version.
Especially it was set to historic status by the OpenLDAP project several years ago.

I'd strongly recommend to use a recent OpenLDAP release before trying anything else.

Ciao, Michael.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Segmentation fault ssl23_connect()

Viktor Dukhovni

> On May 2, 2017, at 2:02 PM, Michael Ströder <[hidden email]> wrote:
>
> I'm not sure whether OpenSSL 1.0.2k is even usable with this ancient OpenLDAP version.
> Especially it was set to historic status by the OpenLDAP project several years ago.
>
> I'd strongly recommend to use a recent OpenLDAP release before trying anything else.

It should "just work".  The OpenSSL 1.0.2 branch is expected to provide ABI
compatibility with older software built against OpenSSL 1.0.0, 1.0.1 and
older patch levels of 1.0.2.

There could of course be unfixed bugs in that OpenLDAP version that a newer
version of OpenSSL happens to expose, but generally speaking what worked
with 1.0.0 or 1.0.1 should continue to work with 1.0.2.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users