On Fri, May 23, 2014 at 10:06:28PM +0000, Viktor Dukhovni wrote:

> On Fri, May 23, 2014 at 03:27:54PM -0500, Jeff Larsen wrote:
> 
> > > Others may not be able to reproduce your problem.  Ideally you'd help
> > > the community by identifying the call sequence (stack trace from debugger
> > > attached to faulting cleanup process).
> > 
> > The trace is here: http://pastebin.com/Lt9gb6jV
> 
> This is a syscall trace, not a stack trace, but it is still informative.
> 
> Your OpenLDAP library is linked with GnuTLS, not OpenSSL, and it
> is GnuTLS that is segfaulting when it is unable to open /etc/passwd.
> Either getpwuid() in libc breaks in this case, or GnuTLS is not
> checking return values properly in some way.

The problem appears to have been accidentally fixed in GnuTLS 3.3.0
which postdates the release in Ubuntu 14.04.  The broken code is
now dead code inside while (0) { ... problem code ... }.

The reason for the while (0) was to reduce the GnuTLS stack footprint,
not to fix the problem, so the problematic code is still there, but it
is now dead code:

gnutls/lib/system.c:

        while(0) {
                struct passwd *pwd;
                struct passwd _pwd;
                char tmp[512];

                getpwuid_r(getuid(), &_pwd, tmp, sizeof(tmp), &pwd);
                if (pwd != NULL) {
                        snprintf(path, max_size, "%s/" CONFIG_PATH, pwd->pw_dir);
                } else {
                        path[0] = 0;
                }
        }

The code should be checking the return value of getpwuid_r, not
whether it set pwd to zero or not (and the pointer should have been
initialized).  One can hope this dead code will either be removed
or fixed (or in any case never revived, nor copied by anyone else).

Ubuntu has the version without the while (0) { ... } guard.

-- 
        Viktor.
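The hardened form of the lookup discussed in the message above, added here as an editor's example; it is neither GnuTLS code nor the poster's. It initializes pwd, checks the return value of getpwuid_r before trusting pwd, grows the scratch buffer on ERANGE instead of assuming 512 bytes is enough, and reports truncation of the result. CONFIG_PATH is a placeholder standing in for the GnuTLS macro, and the function names are assumptions.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder (assumption): relative config path under $HOME, standing in
 * for the real GnuTLS CONFIG_PATH macro. */
#define CONFIG_PATH ".gnutls/config"

/* Build "<home>/<CONFIG_PATH>" into path.
 * Returns 0 on success, -1 on bad input or truncation (path is then ""). */
int build_config_path(char *path, size_t max_size, const char *home)
{
    int n;

    if (max_size == 0)
        return -1;
    path[0] = 0;
    if (home == NULL || home[0] == 0)
        return -1;
    n = snprintf(path, max_size, "%s/" CONFIG_PATH, home);
    if (n < 0 || (size_t)n >= max_size) {
        path[0] = 0;        /* never hand back a silently truncated path */
        return -1;
    }
    return 0;
}

/* Resolve the config path of the calling uid.
 * Returns 0 on success, -1 when no passwd entry can be obtained (path is ""). */
int resolve_config_path(char *path, size_t max_size)
{
    struct passwd _pwd;
    struct passwd *pwd = NULL;  /* initialized: undefined on getpwuid_r failure */
    char *tmp = NULL;
    size_t tmplen = 512;
    int rc, ret = -1;

    if (max_size == 0)
        return -1;
    path[0] = 0;

    for (;;) {
        char *grown = realloc(tmp, tmplen);
        if (grown == NULL) {
            free(tmp);
            return -1;
        }
        tmp = grown;
        pwd = NULL;
        /* getpwuid_r returns 0 on success (pwd may still be NULL when the
         * uid has no entry) or an errno value, e.g. when /etc/passwd cannot
         * be opened, or ERANGE when the scratch buffer is too small. */
        rc = getpwuid_r(getuid(), &_pwd, tmp, tmplen, &pwd);
        if (rc != ERANGE)
            break;
        if (tmplen >= (1u << 20))   /* refuse to grow without bound */
            break;
        tmplen *= 2;
    }

    /* Only dereference pwd when the call succeeded AND an entry was found;
     * pw_dir points into tmp, so build the path before freeing it. */
    if (rc == 0 && pwd != NULL)
        ret = build_config_path(path, max_size, pwd->pw_dir);

    free(tmp);
    return ret;
}

int main(void)
{
    char path[4096];

    if (resolve_config_path(path, sizeof(path)) == 0)
        printf("config path: %s\n", path);
    else
        printf("no config path for uid %ld\n", (long)getuid());
    return 0;
}
```

The two-part split keeps the string building testable without a passwd database: build_config_path can be exercised with constructed home directories, while resolve_config_path is the drop-in for the dead block in system.c.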
