[Bug 1103353] Re: Invalid GnuTLS cipher suite strings causes libldap to crash
Jouko Orava
joorava at iki.fi
Wed Mar 18 18:40:06 UTC 2015
rtandy, this is not specific to slapd, but affects all applications that
use libldap2 and gnutls. Instead of returning a failure at START_TLS,
the library just crashes at a double-free. This makes it difficult to
find the actual problem in services like sssd that crash due to this
bug, although the root cause is a simple configuration mistake. (gnutls
cipherspecs are notoriously complicated, and very easy to get wrong.
Crashing in such a case is, and should be considered, a serious bug.
There is nothing an application can do to mitigate this.)
Attached is a backported patch from 2.4.40 to current Debian/Ubuntu
source package. I applied this to 2.4.31-1+nmu2ubuntu8, added a dummy
changelog entry, and recompiled the package. The changes are localized
and safe, should apply cleanly to other versions too. The patched
library no longer crashes: this fixes the bug.
In other words, this is a trivial bug for the Debian/Ubuntu openldap
maintainers to fix, if they saw the bug serious enough to fix.
** Patch added: "Debian/Ubuntu source package patch, backported from 2.4.40"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+attachment/4349163/+files/openldap-2.4.31-gnutls-backport.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1103353
Title:
Invalid GnuTLS cipher suite strings causes libldap to crash
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+subscriptions
More information about the Ubuntu-server-bugs
mailing list