View Issue Details

IDProjectCategoryView StatusLast Update
0014104CentOS-7systemdpublic2017-11-09 12:21
Status newResolutionopen 
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014104: sshd killed due to invoking a LDAP SSL connection in PAM plugin
DescriptionDescription of problem:
We have a PAM plugin configured for sshd, in /etc/pam.d/sshd, like below:
auth required
# added start
#auth required
#auth required
# added end
auth required
auth substack password-auth
auth include postlogin

In our plugin, we create LDAP SSL connection like below:
    if ((rc = ldap_search_s(ld, SEARCH_BASE, LDAP_SCOPE_SUBTREE, ldapFilter, attrs, 0, &results)) != LDAP_SUCCESS) {
        ldap_perror(ld, "**Error: ldap_search_s");
        syslog(LOG_ERR, "invoke: ldap_search_s return %d.", rc);

        /* Unbind/close connection to the LDAP server.. */

        /* Free the memory allocated for the results.. */

        return -3;

But we encounter below errors while invoking the function sshd->PAM->LDAP SSL
The invoking failed at ldap_search_s without any return value.
We got error below:
    type=ANOM_ABEND msg=audit(1510072928.093:486): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=4892 comm="sshd" reason="memory violation" sig=11

    Nov 8 00:40:41 localhost kernel: traps: sshd[4802] general protection ip:7f039a74807d sp:7ffe79c8f810 error:0 in[7f039a733000+51000]
    Nov 8 00:42:08 localhost kernel: traps: sshd[4892] general protection ip:7f315e0ef07d sp:7fff2d0134f0 error:0 in[7f315e0da000+51000]

Version-Release number of selected component (if applicable):
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

How reproducible:
contact me for reproducing

Steps To Reproduce1. install our PAM plugin
2. try it with ssh from client
Additional InformationActual results:
sshd failed

Expected results:
it should work and let login as design
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-11-09 12:21 HenryGu New Issue