Bug#944915: libldap-2.4-2: Segmentation fault in "ldap_unbind_ext"

Tue Nov 19 01:40:25 GMT 2019

Hello,

thank you for your quick and helpful responses!

Am Sun, 17 Nov 2019 10:33:10 -0800
schrieb Ryan Tandy <ryan at nardis.ca>:

> On Sun, Nov 17, 2019 at 05:11:13PM +0100, Lars Kruse wrote:
> >  #0  0xb77acbea in ldap_unbind_ext () at /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2  
> 
> Please could you install libldap-2.4-2-dbgsym and obtain the backtrace again: [..]

I did this now. Thank you for the hint.

> >** (claws-mail:10224): WARNING **: 11:06:04.004: [11:06:04] LDAP error (search): -1 (Unknown error)  
> 
> Is it possible your LDAP server became temporarily unreachable? I am not
> ruling out a bug in libldap but I also wonder whether claws might have an
> issue in its error handling and somehow pass an invalid argument to a libldap
> function.

Interesting!
Indeed this LDAP server is quite often not reachable (local to one site).
I just tried for a few times to reproduce the issue (accessing the LDAP-based
addressbook in claws-mail, while disconnecting the VPN), but I failed.
In fact: the issue happened only once during the last three months.
Thus I guess, the dbgsym-enhanced stack trace will take a bit of time ...

> Any info you can provide that leads to reproducing the error above (which I
> assume is related), or the crash itself, would be appreciated.

I am sorry, I cannot remember any details.

> On Sun, 17 Nov 2019 10:33:10 -0800 Ryan Tandy <ryan at nardis.ca> wrote:
> > On Sun, Nov 17, 2019 at 05:11:13PM +0100, Lars Kruse wrote:  
>  [...]  
> but I think that last address translates to:
> 
>   0x.....bea in ldap_unbind_ext at unbind.c:46
> 
> That would be that line:
> 
>   46              assert( LDAP_VALID( ld ) );
> 
> Therefore this function might have received ld pointing to
> existing memory, but the ld->ldc might point to an invalid address.

Thank you for digging deeper!

I took a look at the source code of claws-mail related to "ldap_unbind":

$ grep -B 1 -r ldap_unbind
src/ldaputil.h-#define LDAP_CONST const
src/ldaputil.h:#define ldap_unbind_ext(ld,x,y) ldap_unbind_s(ld)
--
src/ldapquery.c-        if( qry->ldap ) {
src/ldapquery.c:                rc = ldap_unbind_ext( qry->ldap, NULL, NULL );
--
src/ldapserver.c-       cm_return_if_fail(ld != NULL);
src/ldapserver.c:       rc = ldap_unbind_ext(ld, NULL, NULL);

These pieces look innocent to me at the first glance. But I am not a user of
the LDAP library, thus I cannot tell.

I am afraid, that it will be hard to find the source of the problem without
further information from another more detailed stack trace. Thus in case you are
running out of ideas at the moment, then I would suggest to just wait and hope
for another stack trace or just close the bug report in a few month otherwise.

Thank you for your time!

Cheers,
Lars