2017-11-23 07:30 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0014104CentOS-7systemdpublic2017-11-09 12:21
ReporterHenryGu 
PrioritynormalSeveritycrashReproducibilityalways
StatusnewResolutionopen 
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014104: sshd killed due to invoking a LDAP SSL connection in PAM plugin
DescriptionDescription of problem:
We have a PAM plugin configured for sshd, in /etc/pam.d/sshd, like below:
...
#%PAM-1.0
auth required pam_additional_auth.so
# added start
#auth required pam_env.so
#auth required pam_deny.so
# added end
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
...

In our plugin, we create LDAP SSL connection like below:
...
    if ((rc = ldap_search_s(ld, SEARCH_BASE, LDAP_SCOPE_SUBTREE, ldapFilter, attrs, 0, &results)) != LDAP_SUCCESS) {
        ldap_perror(ld, "**Error: ldap_search_s");
        syslog(LOG_ERR, "invoke: ldap_search_s return %d.", rc);

        /* Unbind/close connection to the LDAP server.. */
        ldap_unbind(ld);

        /* Free the memory allocated for the results.. */
        ldap_msgfree(results);

        return -3;
    }
...

But we encounter below errors while invoking the function sshd->PAM->LDAP SSL
The invoking failed at ldap_search_s without any return value.
We got error below:
============================================================================
   /var/log/audit/audit.log
    type=ANOM_ABEND msg=audit(1510072928.093:486): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=4892 comm="sshd" reason="memory violation" sig=11

   /var/log/messages
    Nov 8 00:40:41 localhost kernel: traps: sshd[4802] general protection ip:7f039a74807d sp:7ffe79c8f810 error:0 in libldap-2.4.so.2.10.7[7f039a733000+51000]
    Nov 8 00:42:08 localhost kernel: traps: sshd[4892] general protection ip:7f315e0ef07d sp:7fff2d0134f0 error:0 in libldap-2.4.so.2.10.7[7f315e0da000+51000]
============================================================================


Version-Release number of selected component (if applicable):
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

How reproducible:
contact me for reproducing

Steps To Reproduce1. install our PAM plugin
2. try it with ssh from client
Additional InformationActual results:
sshd failed

Expected results:
it should work and let login as design
TagsNo tags attached.
abrt_hash
URL
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2017-11-09 12:21 HenryGu New Issue
+Issue History