Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon1.gif   segfault in auth.c:366, posted by gary holman on Fri Apr 23 04:59:58 2021 
    icon2.gif   Re: segfault in auth.c:366, posted by Sebastian Schenk on Fri Apr 23 15:46:39 2021 
       icon2.gif   Re: segfault in auth.c:366, posted by Stefan Ritt on Fri Apr 23 16:21:05 2021 
          icon2.gif   Re: segfault in auth.c:366, posted by Laurent Jean-Rigaud on Sun Apr 25 15:17:27 2021 
       icon2.gif   Re: segfault in auth.c:366, posted by gary holman on Wed Apr 28 04:01:49 2021 
Message ID: 69349     Entry time: Fri Apr 23 04:59:58 2021     Reply to this: 69350
Icon: Entry  Author: gary holman  Author Email: holman@uw.edu 
Category: Bug report  OS: Linux  ELOG Version: ELOG V3.1.4-611 
Subject: segfault in auth.c:366 

Elog version:  ELOG V3.1.4-611489ba

I am running openldap on the localhost.  For some reason now, elogd is segfaulting when (I believe) when a new user is being added to the password file.  For example:

1. I delete user passord file defined in elogd.cfg

2. Bind/Authenticate to LDAP successfully

3.  Segfaults in auth.c ldap_adduser_file()

 

Makefile:
...
ELOGDIR    = /opt/elog
DESTDIR    = $(ROOT)$(PREFIX)/bin
SDESTDIR   = $(ROOT)$(PREFIX)/sbin
RCDIR      = $(ROOT)/etc/rc.d/init.d
SRVDIR     = $(ROOT)/usr/lib/systemd/system

# flag for SSL support
USE_SSL    = 1

# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5   = 0

# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP   = 1# flag for PAM support, please turn of if you don't need PAM
USE_PAM    = 0
...

For authentication, I am using openldap in the localhost:

----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
 

gdb output

----------

(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...

Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350       if (rc != LDAP_SUCCESS) {
(gdb) n
337       rc = ldap_search_ext_s(
(gdb) n
350       if (rc != LDAP_SUCCESS) {
(gdb) n
358       for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371                   if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361          for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365             if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366                for(i=0; values[i] != NULL; i++) {
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366                for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
 

This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
 

 

 

 

ELOG V3.1.5-fe60aaf