Project

General

Profile

Actions
Copy link

Bug #1093

closed

segmentation fault when using ldap-authentication on 64bit machines

Added by Anonymous about 17 years ago. Updated over 15 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:

Description

What you see:
lighttpd segfaults when trying to authenticate someone against ldap.
This is on a x86_64 architecture and using a gcc with PIE & SSP. Although all 64bit architectures may be affected.

For whatever reason, gcc generates this warning here:

mod_auth.c: In function `auth_ldap_init':
mod_auth.c:581: warning: implicit declaration of function `ldap_init'
mod_auth.c:581: warning: assignment makes pointer from integer without a cast
...
http_auth.c: In function `http_auth_basic_password_compare':
http_auth.c:746: warning: implicit declaration of function `ldap_search_s'
http_auth.c:778: warning: implicit declaration of function `ldap_init'
http_auth.c:778: warning: assignment makes pointer from integer without a cast
...
(and some more from the same kind but they don't matter here)

Gcc now assumes that ldap_init returns an int, but it returns a pointer to an LDAP structure instead.
The next function using this pointer segfaults and explains the corrupted stack I saw in the backtrace.

It seems that all versions are affected. Attached is a patch which applies to 1.4.13 and explicitly declares the function in http_auth.h.

The ldap-stuff in mod_auth should definetely be rewritten since it uses many deprecated functions and lacks some functionality (use multiple ldap-servers for example).

-- dev-zero

Files

Download all files
04_all_lighttpd-1.4.13-auth-ldap-segfault.diff (577 Bytes) 04_all_lighttpd-1.4.13-auth-ldap-segfault.diff Patch to fix the segfault -- dev-zero Anonymous, 2007-03-26 12:28
04_all_lighttpd-1.4.13-deprecated-ldap-api.diff (502 Bytes) 04_all_lighttpd-1.4.13-deprecated-ldap-api.diff And here's therefore a new patch which does exactly this (thanks to Cardoe again :) -- dev-zero Anonymous, 2007-03-26 14:16
lighttpd-1.4.13-ldap-auth.patch (502 Bytes) lighttpd-1.4.13-ldap-auth.patch Proper patch for ldap_init functions. -- cardoe Anonymous, 2007-03-26 14:25
lighttpd-1.4.13-ldap-auth.2.patch (1.24 KB) lighttpd-1.4.13-ldap-auth.2.patch Attached the wrong copy. This is the correct version. However, it does change the way the config file behavior works for LDAP authentication so the previous patch provided by dev-zero is more desirable for 1.4. However reworking the ldap section for 1.5 m Anonymous, 2007-03-26 14:34
lighttpd-1.4.13-ldap-auth.3.patch (1.24 KB) lighttpd-1.4.13-ldap-auth.3.patch Firefox must be caching something... -- cardoe Anonymous, 2007-03-26 14:35
lighttpd-1.4.13-ldap-auth.4.patch (1.24 KB) lighttpd-1.4.13-ldap-auth.4.patch Let's try totally killing firefox... -- cardoe Anonymous, 2007-03-26 14:37
Actions
Copy link
 #1

Updated by darix about 17 years ago

the patch is the wrong solution

either compile wiht -DLDAP_DEPRECATED or use a patch that really adapts to the new openldap api.

http://en.opensuse.org/OpenLDAP_2.3_libldap_upgrade_howto

Actions
Copy link
 #2

Updated by Anonymous about 17 years ago

Jup, Cardoe told me the same :)

-- dev-zero

Actions
Copy link
 #4

Updated by stbuehler over 15 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

I don't think that patch really uses the new api? segfault got fixed.

Actions
Copy link

Also available in: Atom