On a beta system:

$ dmesg |head -n2
OpenBSD 5.1-beta (GENERIC.MP) #178: Thu Feb  2 02:44:59 MST 2012
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
I have openldap clients segfault on me using GSSAPI, e.g.:

$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: re...@test.lan
SASL SSF: 56
SASL data security layer installed.
Segmentation fault (core dumped)

$ gdb ldapwhoami
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd5.1"...(no debugging symbols found)
(gdb) run
Starting program: /usr/local/bin/ldapwhoami
(no debugging symbols found)
SASL/GSSAPI authentication started
SASL username: re...@test.lan
SASL SSF: 56
SASL data security layer installed.

Program received signal SIGSEGV, Segmentation fault.
0x093b099e in sasl_gss_encode () from /usr/local/lib/sasl2/libgssapiv2.so.2.22
(gdb) bt
#0  0x093b099e in sasl_gss_encode () from /usr/local/lib/sasl2/libgssapiv2.so.2.22
#1  0x06ff1311 in _sasl_encodev () from /usr/local/lib/libsasl2.so.2.23
#2  0x06ff1832 in sasl_encodev () from /usr/local/lib/libsasl2.so.2.23
#3  0x06ff19fa in sasl_encode () from /usr/local/lib/libsasl2.so.2.23
#4  0x1c023d9a in ?? ()
#5  0x7edf74d0 in ?? ()
#6  0x7edf2020 in ?? ()
#7  0x00000020 in ?? ()
#8  0x7edf3944 in ?? ()
#9  0xcfbe83ac in ?? ()
#10 0x00000061 in ?? ()
#11 0x000001ff in ?? ()
#12 0x2a826c98 in ?? () from /usr/lib/libc.so.62.0
#13 0x00000000 in ?? ()
(gdb) q
The program is running.  Exit anyway? (y or n) y

From reading http://www.spinics.net/lists/cyrus-sasl/msg02004.html, I understand the issue probably is a pointer being assigned to a buffer, that buffer potentially being a NULL pointer, or getting reallocated, invalidating the pointer. Dereferencing the pointer after that (hopefully) segfaults.
Since it makes sense to me, I tried the suggestion from that message (assigning the pointer after the potential reallocation) and it seems to solve the problem.

What I did: modify the plugins/gssapi.c file and use 'make update-patches' to create the file patches/patch-plugins_gssapi_c:

$OpenBSD$
--- plugins/gssapi.c.orig	Mon Feb  6 09:30:58 2012
+++ plugins/gssapi.c	Mon Feb  6 09:31:47 2012
@@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const struct iovec *inv
     }
 
     if (output_token->value && output) {
-	unsigned char * p = (unsigned char *) text->encode_buf;
+	unsigned char * p;
 
 	ret = _plug_buf_alloc(text->utils, &(text->encode_buf),
@@ -384,6 +384,8 @@ sasl_gss_encode(void *context, const struct iovec *inv
 	    return ret;
 	}
 
+	p = (unsigned char *) text->encode_buf;
+
 	p[0] = (output_token->length>>24) & 0xFF;
 	p[1] = (output_token->length>>16) & 0xFF;
 	p[2] = (output_token->length>>8) & 0xFF;

updated the package revision:

? patches/patch-plugins_gssapi_c
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/cyrus-sasl2/Makefile,v
retrieving revision 1.64
diff -u -r1.64 Makefile
--- Makefile	21 Dec 2011 14:36:15 -0000	1.64
+++ Makefile	6 Feb 2012 09:12:42 -0000
@@ -20,7 +20,7 @@
 
 CATEGORIES=	security
 
-REVISION=	1
+REVISION=	2
 
 HOMEPAGE=	http://www.cyrusimap.org/
 

in directory ~/ports/security/cyrus-sasl2, do:

$ make clean
$ make configure
$ make
$ make fake
$ make package
$ make update

resulting in a working ldapwhoami:

$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: re...@test.lan
SASL SSF: 56
SASL data security layer installed.
dn:uid=remco,cn=gssapi,cn=auth
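Review bot: in the gssapi.c hunks, moving `p = (unsigned char *) text->encode_buf;` to after the `_plug_buf_alloc(text->utils, &(text->encode_buf), ...)` call is the right fix, since that call can allocate or reallocate `text->encode_buf` and the value the first hunk removed was read before it (NULL on the first encode, or a stale pointer after a regrow), which is exactly the `p[0] = ...` write that faulted in `sasl_gss_encode`. A one-line comment above the new assignment saying that `p` must not be taken before the allocation would stop someone "tidying" it back into the declaration later.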
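Review bot: the REVISION bump from 1 to 2 in the Makefile hunk is the correct companion to a new patch, but the `? patches/patch-plugins_gssapi_c` status line above the diff shows that the new patch file is not under CVS control and so is not part of this `cvs diff`; attach the patch file separately (or `cvs add` it before diffing) so the port change can be applied as one unit.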
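The bug class behind this segfault, as an added example that is not code from the post or from cyrus-sasl: a pointer into a growable buffer is only valid if it is taken after the growing call, because the allocation may be NULL on first use or moved by realloc(). `grow_buf` is an assumed stand-in for `_plug_buf_alloc`, and `struct enc_buf` is an assumed shape for `text->encode_buf`; `encode_token` applies the patch's ordering.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Growable output buffer, a stand-in for text->encode_buf / encode_buf_len
 * in the SASL plugin (assumed shape, constructed for this example). */
struct enc_buf {
    unsigned char *buf;
    size_t len;
};

/* Stand-in for _plug_buf_alloc(): make room for `need` bytes, growing with
 * realloc(). Like the real routine it may move the allocation, so a pointer
 * taken into b->buf BEFORE this call is stale afterwards (NULL on first use). */
static int grow_buf(struct enc_buf *b, size_t need)
{
    if (b->buf == NULL || b->len < need) {
        size_t newlen = need < 64 ? 64 : need * 2;
        unsigned char *n = realloc(b->buf, newlen);
        if (n == NULL)
            return -1;
        b->buf = n;
        b->len = newlen;
    }
    return 0;
}

/* The corrected encode step from the patch: 4-byte big-endian length prefix
 * followed by the wrapped token. Returns bytes written, or -1 if growing
 * the buffer failed. */
int encode_token(struct enc_buf *b, const unsigned char *tok, uint32_t toklen)
{
    unsigned char *p;

    if (grow_buf(b, 4 + (size_t)toklen) != 0)
        return -1;
    p = b->buf;                 /* read the pointer only after the (re)allocation */
    p[0] = (toklen >> 24) & 0xFF;
    p[1] = (toklen >> 16) & 0xFF;
    p[2] = (toklen >> 8) & 0xFF;
    p[3] = toklen & 0xFF;
    memcpy(p + 4, tok, toklen);
    return (int)(4 + toklen);
}

/* Decode the prefix back so a caller can check that the framing round-trips. */
uint32_t decode_length(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
```

The second call in the test below is sized to force a regrow, which is the case where a pointer taken before `grow_buf` would dangle.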