Hello Ian,
I got a similar report to the one that resulted in commit 9fc20db13.
This time automount crashed in unbind_ldap_connection():
Thread 1 (Thread 0x7f4a8ae44700 (LWP 851)):
#0 0x00007f4a8fab3729 in sk_free () from ./usr/lib64/libcrypto.so.0.9.8
#1 0x00007f4a8fd9f819 in SSL_SESSION_free () from ./usr/lib64/libssl.so.0.9.8
#2 0x00007f4a8fab3ae3 in ?? () from ./usr/lib64/libcrypto.so.0.9.8
#3 0x00007f4a8fd9f737 in SSL_CTX_flush_sessions () from
./usr/lib64/libssl.so.0.9.8
#4 0x00007f4a8fd9d772 in SSL_CTX_free () from ./usr/lib64/libssl.so.0.9.8
#5 0x00007f4a8fd9e210 in SSL_free () from ./usr/lib64/libssl.so.0.9.8
#6 0x00007f4a90efb8ea in ?? () from ./usr/lib64/libldap-2.4.so.2
#7 0x00007f4a90cc1406 in ber_sockbuf_remove_io () from
./usr/lib64/liblber-2.4.so.2
#8 0x00007f4a90cc149d in ber_int_sb_destroy () from
./usr/lib64/liblber-2.4.so.2
#9 0x00007f4a90cc151c in ber_sockbuf_free () from ./usr/lib64/liblber-2.4.so.2
#10 0x00007f4a90edffdc in ldap_ld_free () from ./usr/lib64/libldap-2.4.so.2
#11 0x00007f4a91118000 in unbind_ldap_connection () from
./usr/lib64/autofs/lookup_ldap.so
#12 0x00007f4a9111c0f9 in lookup_mount () from
./usr/lib64/autofs/lookup_ldap.so
#13 0x00007f4a9333be00 in lookup_nss_mount ()
#14 0x00007f4a93333be5 in ?? ()
#15 0x00007f4a92eee7b6 in start_thread () from ./lib64/libpthread.so.0
#16 0x00007f4a92032c5d in clone () from ./lib64/libc.so.6
#17 0x0000000000000000 in ?? ()
It's necessary to serialize calls to ldap_unbind() as well. Please consider
the patch attached for inclusion.
Thanks,
Leonardo
Index: autofs-5.0.8/CHANGELOG
===================================================================
--- autofs-5.0.8.orig/CHANGELOG
+++ autofs-5.0.8/CHANGELOG
@@ -6,6 +6,7 @@
- allow --with-systemd to take a path arg.
- fix WITH_LIBTIRPC function name.
- fix ipv6 libtirpc getport.
+- extend fix for crash due to thread unsafe use of libldap.
17/10/2013 autofs-5.0.8
=======================
Index: autofs-5.0.8/modules/lookup_ldap.c
===================================================================
--- autofs-5.0.8.orig/modules/lookup_ldap.c
+++ autofs-5.0.8/modules/lookup_ldap.c
@@ -53,8 +53,9 @@ static struct ldap_schema common_schema[
static unsigned int common_schema_count = sizeof(common_schema)/sizeof(struct ldap_schema);
/*
- * Initialization of LDAP and OpenSSL must be always serialized to
- * avoid corruption of context structures inside these libraries.
+ * Initialization and de-initialization of LDAP and OpenSSL must be
+ * always serialized to avoid corruption of context structures inside
+ * these libraries.
*/
pthread_mutex_t ldapinit_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -203,7 +204,7 @@ int bind_ldap_simple(unsigned logopt, LD
return 0;
}
-int unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
+int __unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
{
int rv;
@@ -220,6 +221,17 @@ int unbind_ldap_connection(unsigned logo
return rv;
}
+int unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
+{
+ int rv;
+
+ ldapinit_mutex_lock();
+ rv = __unbind_ldap_connection(logopt, ldap, ctxt);
+ ldapinit_mutex_unlock();
+
+ return rv;
+}
+
LDAP *__init_ldap_connection(unsigned logopt, const char *uri, struct lookup_context *ctxt)
{
LDAP *ldap = NULL;
@@ -280,7 +292,7 @@ LDAP *__init_ldap_connection(unsigned lo
rv = ldap_start_tls_s(ldap, NULL, NULL);
if (rv != LDAP_SUCCESS) {
- unbind_ldap_connection(logopt, ldap, ctxt);
+ __unbind_ldap_connection(logopt, ldap, ctxt);
if (ctxt->tls_required) {
error(logopt, MODPREFIX
"TLS required but START_TLS failed: %s",
