Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

389 ldap server segfaults during Qualys vulnerability scan #2248

Closed
389-ds-bot opened this issue Sep 13, 2020 · 5 comments
Closed

389 ldap server segfaults during Qualys vulnerability scan #2248

389-ds-bot opened this issue Sep 13, 2020 · 5 comments
Labels
closed: not a bug Migration flag - Issue

Comments

@389-ds-bot
Copy link

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49189

Issue Description

We have two 389 servers with replication configured and active. Some Java applications served by both.
When we run a Qualys vulnerability scan on the VMs that runs the services one or both ns-slapd daemons dies unexpectedly:

Mar 22 13:42:52 ips1.devenv.dev kernel: ns-slapd[2321]: segfault at 0 ip 00007f244de1a4e8 sp 00007f24237e57e8 error 6 in libc-2.17.so[7f244dccf000+1b6000]
Mar 22 13:42:53 ips1.devenv.dev systemd[1]: dirsrv@ips_ips1.service: main process exited, code=killed, status=11/SEGV

Operating System

CentOS Linux release 7.3.1611 (Core)
Every packages is kept up to date to centos-updates and epel repos

Package Version and Platform

Name : 389-ds-base
Arch : x86_64
Version : 1.3.5.10
Release : 18.el7_3
Size : 5.2 M
Repo : installed
From repo : updates
Summary : 389 Directory Server (base)
URL : https://www.port389.org/
License : GPLv3+
Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes
: the LDAP server and command line utilities for server administration.

Steps to reproduce

I'm attaching the core dump. Nothing more useful on the logs of the LDAP servers.
stacktrace.dump
@389-ds-bot 389-ds-bot added the closed: not a bug Migration flag - Issue label Sep 13, 2020
@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-03-22 23:14:28

Hi there. Thanks for the report.

Reading the trace, this is the offending thread:

Thread 1 (Thread 0x7f53577fe700 (LWP 25383)):
0  __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:2183
No locals.
1  0x00007f53786af85e in ssl3_GatherCompleteHandshake () from /lib64/libssl3.so
No symbol table info available.
2  0x00007f53786aff79 in ssl_GatherRecord1stHandshake () from /lib64/libssl3.so
No symbol table info available.
3  0x00007f53786b5182 in ssl_Do1stHandshake () from /lib64/libssl3.so
No symbol table info available.
4  0x00007f53786b5f7e in ssl_SecureRecv () from /lib64/libssl3.so
No symbol table info available.
5  0x00007f53786b9be1 in ssl_Recv () from /lib64/libssl3.so
No symbol table info available.
6  0x00007f5379e4e5c7 in connection_read_operation ()
No symbol table info available.
7  0x00007f5379e4edde in connection_threadmain ()
No symbol table info available.
8  0x00007f5377b459bb in _pt_root () from /lib64/libnspr4.so
No symbol table info available.
9  0x00007f53774e5dc5 in start_thread (arg=0x7f53577fe700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f53577fe700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139995927013120, 169946331390907139, 0, 139995927013824, 139995927013120, 1, -216898777570635005, -216969013174627581}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0```
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
10 0x00007f537721473d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

This occurs in libssl3.so, which makes it an issue inside of nss3 rather than DS. I'm going to close this issue, but I'll open one for you on bugzilla.

@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-03-22 23:14:39

Metadata Update from @Firstyear:

  • Custom field reviewstatus adjusted to new
  • Custom field type adjusted to defect

@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-03-22 23:18:22

Metadata Update from @Firstyear:

  • Issue private status set to: True

@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-03-22 23:24:34

Metadata Update from @Firstyear:

@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-03-22 23:25:30

I've closed this because it's not a DS issue, it's an nss issue. See the bugzilla link for the details. If you can provide me your email, so that I can attach you to the bugzilla, that would be great. You can contact me as Firstyear at redhat.com. Thanks for reporting this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: not a bug Migration flag - Issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@389-ds-bot