Bug 46076 - Return code of apr_ldap_init not checked causing sigabort
Summary: Return code of apr_ldap_init not checked causing sigabort
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ldap (show other bugs)
Version: 2.2.10
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Depends on:
Reported: 2008-10-23 03:38 UTC by Christian BOITEL
Modified: 2012-02-26 16:49 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Christian BOITEL 2008-10-23 03:38:17 UTC
This was discovered when investigating an issue in APR-UTIL 1.3x (https://issues.apache.org/bugzilla/show_bug.cgi?id=46064)

in util_ldap.c, return code from apr_ldap_init isn't check which in certains cases will cause httpd to assume the call succeeded. When later using the ldap connection, openldap sdk will fail (assertation failed) and generate a SIGABORT signal causing the httpd process to coredump.

Extract from error_log:
[Wed Oct 22 13:46:17 2008] [debug] mod_authnz_ldap.c(379): [client a.b.c.d] [258172] auth_ldap authenticate: using URL ldap://xxxx/o=xxx?cn?sub?(objectclass=inetOrgPerson)
Assertion failed: __EX, file  sasl.c, line 79
[Wed Oct 22 10:00:33 2008] [notice] child pid 250024 exit signal Abort (6)
Comment 1 Brad Nicholes 2008-10-24 08:54:07 UTC
The success or failure of apr_ldap_init() is being checked through the result parameter rather than the actual return code of the function.  The status code of the ldap call is checked in the if statement that follows the call to apr_ldap_init().  Since there are several pieces of information that need to be returned from an apr_ldap* call, error codes and messages are returned through the result parameter.
Comment 2 Stefan Fritsch 2010-08-18 19:01:09 UTC
Comment 3 Stefan Fritsch 2012-02-26 16:49:39 UTC
fixed in 2.4.1