[users@httpd] segmentation fault in mod_auth_ldap on 2.0.54, stacktrace included

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

 

 

Since some time we have a problem with our Apache server. Version is 2.0.54, installed on a Suse server

(vmlinuz-2.6.5-7.97-bigsmp ).

 

The apache server is authenticating users on an Active Directory server ( W2K ), using the mod_auth_ldap

module. Normally this works fine, but from time to time an httpd process crashes after authentication.

 

We were able to emulate the problem when authenticating using an existing user with an incorrect password.

In this case, the httpd process will crash within 5 requests.

 

1. By using strace, we found this:

 

A good request ( not crashing ):

read(10, "\3a\204\0\0\0^\n\0011\4\0\4W80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece\0", 101) = 101

time(NULL)                              = 1122292378

write(10, "0\5\2\1\4B\0", 7)            = 7

shutdown(10, 2 /* send and receive */)  = 0

close(10)                               = 0

gettimeofday({1122292378, 787045}, NULL) = 0

write(6, "[Mon Jul 25 13:52:58 2005] [warn] [client 10.102.65.47] [32499] auth_ldap authenticate: user t.subversion authentication failed; URI /svnldap/trunk/test.txt [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]\n", 234) = 234

 

A bad request (crashing ):

read(10, "\3a\204\0\0\0^\n\0011\4\0\4W80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece\0", 101) = 101

time(NULL)                              = 1122292386

write(10, "0\5\2\1\4B\0", 7)            = 7

--- SIGSEGV (Segmentation fault) @ 0 (0) ---

+++ killed by SIGSEGV +++

 

At the same time in error.log ( apache LogLevel: debug )

[Mon Jul 25 13:53:06 2005] [debug] mod_auth_ldap.c(337): [client 10.102.65.47] [32499] auth_ldap authenticate: using URL ldap://yyyyyy.yyyyy.yyyyy.net/OU=YYYYYYYYY,dc=yyyyy,dc=yyyyy,dc=net?sAMAccountName?sub?(objectClass=user)

free(): invalid pointer 0x81d0530!

 

2. By using gdb, and then the ‘where’ command after the segmentation fault:

Program received signal SIGSEGV, Segmentation fault.

[Switching to Thread 1078462304 (LWP 6335)]

0x403cdded in _int_free () from /lib/tls/libc.so.6

(gdb) where

#0  0x403cdded in _int_free () from /lib/tls/libc.so.6

#1  0x403ce22b in free () from /lib/tls/libc.so.6

#2  0x401c7c8d in ber_memfree_x () from /usr/lib/liblber.so.199

#3  0x400580bb in ldap_ld_free () from /usr/lib/libldap.so.199

#4  0x400581d4 in ldap_unbind_ext () from /usr/lib/libldap.so.199

#5  0x40058269 in ldap_unbind_s () from /usr/lib/libldap.so.199

#6  0x08064709 in util_ldap_connection_unbind (param=0x81537c8) at util_ldap.c:191

#7  0x0806508e in util_ldap_cache_checkuserid (r=0x81b75d0, ldc=0x81537c8,

    url="" " ldap://yyyyyy.yyyyy.yyyyy.net/OU=YYYYYYYYY,dc=yyyyy,dc=yyyyy,dc=net?sAMAccountName?sub?(objectClass=user)",

    basedn=0x814d2a0 " OU=YYYYYYYYY,dc=yyyyy,dc=yyyyy,dc=net", scope=2,

    attrs=0x814d2d0,

    filter=0xbfffb250 "(&(objectClass=user)(sAMAccountName=t.subversion))",

    bindpw=0x81b91a5 "mlkmlkjmlkjmlkj", binddn=0xbfffb244, retvals=0xbfffb248)

    at util_ldap.c:909

#8  0x0806863b in mod_auth_ldap_check_user_id (r=0x81b75d0) at mod_auth_ldap.c:360

#9  0x080a9ecb in ap_run_check_user_id (r=0x81b75d0) at request.c:69

#10 0x080abcb8 in ap_process_request_internal (r=0x81b75d0) at request.c:217

#11 0x08075eb9 in ap_process_request (r=0x81b75d0) at http_request.c:247

#12 0x0807175c in ap_process_http_connection (c=0x8197480) at http_core.c:251

#13 0x0809eeeb in ap_run_process_connection (c=0x8197480) at connection.c:43

#14 0x08094178 in child_main (child_num_arg=Variable "child_num_arg" is not available.

) at prefork.c:610

#15 0x080942ce in make_child (s=0x80dcfe8, slot=0) at prefork.c:650

#16 0x08094391 in startup_children (number_to_start=5) at prefork.c:722

#17 0x08094a5d in ap_mpm_run (_pconf=0x80d80a8, plog=0x81161a0, s=0x80dcfe8)

    at prefork.c:941

#18 0x08099adc in main (argc=4, argv=0xbfffd634) at main.c:618

 

 

It seems the server crashes when freeing up an ldap resource.

 

Can someone here help me out on this issue? We have been struggling with this for a few months now.

 

Thanks in advance,

 

Lieven.

 


STRICTLY PERSONAL AND CONFIDENTIAL
This message may contain confidential and proprietary material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Dit bericht is enkel bestemd voor de aangeduide ontvangers en kan vertrouwelijke informatie bevatten. Als u niet de ontvanger bent, dan mag u de inhoud van dit bericht niet bekendmaken noch kopiëren. Als u dit bericht per vergissing ontvangen heeft, gelieve er de afzender of De Post onmiddellijk van op de hoogte te brengen en het bericht vervolgens te verwijderen.

Ce message est uniquement destiné aux destinataires indiqués et peut contenir des informations confidentielles. Si vous n'êtes pas le destinataire, vous ne devez pas révéler le contenu de ce message ou en prendre copie. Si vous avez reçu ce message par erreur, veuillez en informer l'expéditeur, ou La Poste immédiatement, avant de le supprimer.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux