[openssl.org #1337] Bug: Crash in openssl0.9.8b in obj_name_cmp

2014-06-30 Thread Rich Salz via RT
Old release, can't reproduce, assume we've fixed this. Please open a ticket if
still a problem.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #1337] Bug: Crash in openssl0.9.8b in obj_name_cmp

2006-05-27 Thread [EMAIL PROTECTED] via RT

I am using Openssh 3.8.1p1 on Solaris 2.8 compiled with gcc 3.2.3.  I have 
nsswitch configured to use file and PADL's ldap module.
When I use nss_ldap without SSL I can login without problem, but with SSL 
enabled sshd crashes. When I use openssl 0.9.8b sshd crashes in 
obj_name_cmp (line 101):


  87 static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b)
  88 {
  89     int ret;
  90
  91     ret=a->type-b->type;
  92     if (ret == 0)
  93     {
  94         if ((name_funcs_stack != NULL)
  95             && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
  96         {
  97             ret=sk_NAME_FUNCS_value(name_funcs_stack,a->type)
  98                 ->cmp_func(a->name,b->name);
  99         }
 100         else
 101             ret=strcmp(a->name,b->name);
 102     }
 103     return(ret);
 104 }


#0  0xff132d58 in strcmp () from /usr/lib/libc.so.1
#1  0x96660 in obj_name_cmp (a=0x121788, b=0x142290) at o_names.c:101
#2  0x950d8 in getrn (lh=0x120c50, data=0x142290, rhash=0x142278) at lhash.c:418
#3  0x94d40 in lh_insert (lh=0x120c50, data=0x142290) at lhash.c:189
#4  0x96208 in OBJ_NAME_add (name=0x0, type=2, data=0xfee7163c ) at o_names.c:175
#5  0x6d978 in EVP_add_cipher (c=0xfee7163c) at names.c:71
#6  0xfeeb4f70 in SSL_library_init () from /opt/DBssllib/lib/libssl.so.0.9.8
#7  0xff04478c in ldap_pvt_tls_init () at tls.c:169
#8  0xff046298 in ldap_int_tls_start (ld=0x12cb00, conn=0x12cb90, srv=0x12dbe8) at tls.c:1332
#9  0xff02906c in ldap_int_open_connection (ld=0x12cb00, conn=0x12cb90, srv=0x12cbf0, async=0) at open.c:365
#10 0xff038a3c in ldap_new_connection (ld=0x12cb00, srvlist=0x12cbf0, use_ldsb=1, connect=1231856, bind=0x0) at request.c:315
#11 0xff028af0 in ldap_open_defconn (ld=0x12cb00) at open.c:30
#12 0xff0385c0 in ldap_send_initial_request (ld=0x12cb00, msgtype=96, dn=0xff08c1a3 uid=unixclient,dc=group,dc=com, ber=0x12cc20) at request.c:98
#13 0xff02ef60 in ldap_sasl_bind (ld=0x12cb00, dn=0xff08c1a3 uid=unixclient,dc=group,dc=com, mechanism=0x0, cred=0xffbebe58, sctrls=0x0, cctrls=0x12cc20, msgidp=0xffbebe54) at sasl.c:148
#14 0xff02f720 in ldap_simple_bind (ld=0x12cb00, dn=0xff08c1a3 uid=unixclient,dc=group,dc=com, passwd=0xff08c1f8 dummy) at sbind.c:81
#15 0xff072c90 in do_bind (ld=0x12cb00, timelimit=5, dn=0xff08c1a3 uid=unixclient,dc=group,dc=com, pw=0xff08c1f8 dummy, with_sasl=0) at ldap-nss.c:1420
#16 0xff07292c in do_open () at ldap-nss.c:1277
#17 0xff073ad0 in _nss_ldap_search_s (args=0xffbec860, filterprot=0xff08e798 ((objectclass=posixGroup)(memberUid=%s)), sel=LM_GROUP, sizelimit=0, res=0xffbec85c) at ldap-ns.c:2285
#18 0xff074f68 in _nss_ldap_getgroupsbymember_r (be=0x12db88, args=0xffbecd5c) at ldap-grp.c:305
#19 0xff1498c4 in nss_search () from /usr/lib/libc.so.1
#20 0xff1986a0 in _getgroupsbymember () from /usr/lib/libc.so.1
#21 0xff140f08 in initgroups () from /usr/lib/libc.so.1
#22 0x30314 in temporarily_use_uid (pw=0x12b320) at uidswap.c:88
#23 0x37b54 in user_key_allowed2 (pw=0x12b320, key=0x12db70, file=0x12f280 /home/moelma/.ssh/authorized_keys2) at auth2-pubkey.c:179
#24 0x37eb0 in user_key_allowed (pw=0x12b320, key=0x12db70) at auth2-pubkey.c:264
#25 0x37aa4 in userauth_pubkey (authctxt=0x123408) at auth2-pubkey.c:142
#26 0x320b4 in input_userauth_request (type=50, seq=6, ctxt=0x123408) at auth2.c:195
#27 0x5119c in dispatch_run (mode=0, done=0x123408, ctxt=0x123408) at dispatch.c:93
#28 0x31cf0 in do_authentication2 (authctxt=0x123408) at auth2.c:94
#29 0x2ac3c in main (ac=11, av=0x2a) at sshd.c:1481


It seems sshd calls ldap with ssl in the main process and in a forked process.
And I think one process might delete the other's pointers, but couldn't confirm
it yet.


BTW, if I use an older openssl version I get the error in err_cmp, and it has
also been reported on RedHat 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=121734 for pam_ldap.

And I think it is similar to the open ticket #678.

Regards
Markus



Re: [openssl.org #1337] Bug: Crash in openssl0.9.8b in obj_name_cmp

2006-05-27 Thread Tim Rice
On Sat, 27 May 2006, [EMAIL PROTECTED] via RT wrote:

 
> I am using Openssh 3.8.1p1 on Solaris 2.8 compiled with gcc 3.2.3.  I have 
> nsswitch configured to use file and PADL's ldap module.
> When I use nss_ldap without SSL I can login without problem, but with SSL 
> enabled sshd crashes. When I use openssl 0.9.8b sshd crashes in 
> obj_name_cmp (line 101):

Are your nss_ldap and pam_ldap modules built with openssl-0.9.8b?

-- 
Tim Rice    Multitalents
[EMAIL PROTECTED]

