[asterisk-bugs] [Asterisk 0012572]: [patch] Asterisk crashes when retrieving password from LDAP

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Jun 13 18:51:02 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12572 
====================================================================== 
Reported By:                flyn
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12572
Category:                   Resources/General
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     ready for testing
Asterisk Version:           1.6.0-beta8 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             05-02-2008 09:25 CDT
Last Modified:              06-13-2008 18:51 CDT
====================================================================== 
Summary:                    [patch] Asterisk crashes when retrieving password
from LDAP
Description: 
I have configured Asterisk to use res_ldap for its SIP and extension
configuration. Asterisk is crashing when it tries to retrieve a users
password from LDAP.

1. Start asterisk in gdb.
2. Execute "asterisk -r -vvv"
3. *CLI> sip show user phone-test load

Asterisk crashes and gdb prints the following backtrace:

(gdb) ba
http://bugs.digium.com/view.php?id=0  0x0fe85030 in free () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=1  0x00d4a218 in ber_memfree_x () from
/usr/lib/liblber-2.4.so.2
http://bugs.digium.com/view.php?id=2  0x00d4aab4 in ber_bvfree_x () from
/usr/lib/liblber-2.4.so.2
http://bugs.digium.com/view.php?id=3  0x00d4aba0 in ber_bvecfree_x () from
/usr/lib/liblber-2.4.so.2
http://bugs.digium.com/view.php?id=4  0x00d4ac08 in ber_bvecfree () from
/usr/lib/liblber-2.4.so.2
http://bugs.digium.com/view.php?id=5  0x0f3401f4 in ldap_value_free_len () from
/usr/lib/libldap-2.4.so.2
http://bugs.digium.com/view.php?id=6  0x0e8b08a0 in realtime_ldap_result_to_vars
(table_config=0x10182db8,
ldap_result=0x10268f68, 
    entries_count_ptr=0x0) at res_config_ldap.c:329
http://bugs.digium.com/view.php?id=7  0x0e8b2bac in realtime_ldap_base_ap
(entries_count_ptr=0x0,
basedn=<value optimized out>, 
    table_name=0x30a3927c "sip", ap=<value optimized out>) at
res_config_ldap.c:814
http://bugs.digium.com/view.php?id=8  0x0e8b3570 in realtime_ldap (basedn=<value
optimized out>,
table_name=<value optimized out>, 
    ap=<value optimized out>) at res_config_ldap.c:903
http://bugs.digium.com/view.php?id=9  0x1004d860 in ast_load_realtime_helper
(family=0xd5cea00 "sipusers",
ap=0x30a39514)
    at config.c:2036
http://bugs.digium.com/view.php?id=10 0x1004dfb0 in ast_load_realtime
(family=<value optimized out>) at
config.c:2059
http://bugs.digium.com/view.php?id=11 0x0d59ee40 in find_user (name=0x1026902e
"phone-test", realtime=1) at
chan_sip.c:3786
http://bugs.digium.com/view.php?id=12 0x0d59efd8 in sip_show_user (e=<value
optimized out>, cmd=<value
optimized out>, a=0x30a39800)
    at chan_sip.c:12744
http://bugs.digium.com/view.php?id=13 0x1004859c in ast_cli_command (fd=21,
s=0x30a3985c "sip show user
phone-test load")
    at cli.c:1888
http://bugs.digium.com/view.php?id=14 0x10048840 in ast_cli_command_multiple
(fd=21, size=30, 
    s=0x30a39aac "sip show user phone-test load") at cli.c:1921
http://bugs.digium.com/view.php?id=15 0x10026b30 in netconsole
(vconsole=0x10153650) at asterisk.c:1007
http://bugs.digium.com/view.php?id=16 0x100e1e88 in dummy_start (data=<value
optimized out>) at utils.c:870
http://bugs.digium.com/view.php?id=17 0x0fc76e3c in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=18 0x0fefb670 in clone () from /lib/libc.so.6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
====================================================================== 

---------------------------------------------------------------------- 
 flyn - 06-13-08 18:51  
---------------------------------------------------------------------- 
I tried the patch, but still got a segfault with it.

I noticed that you moved from using a while loop to a for loop. I also
noticed that you left an errant v++ (the v++ should be in the for statement
only now). I removed this, but now asterisk crashes with an "illegal
instruction" error. This seems to be a new issue because it remains even if
I comment out the calls to ldap_value_free_len.

Now, here is the strange thing. Assuming I removed the errant "v++"
mentioned above, if I add a "printf("foo\n");" to the
realtime_ldap_result_to_vars function between:

if (strncasecmp(valptr, "{md5}", 5) == 0) {

and:

valptr += 5;

then the "illegal instruction" error goes away and the realtime LDAP
driver works. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
06-13-08 18:51  flyn           Note Added: 0088706                          
======================================================================




More information about the asterisk-bugs mailing list