# Cyrus-SASL bug? (with OpenLDAP)

## AchilleTalon

I am trying to setup OpenLDAP to use GSSAPI to authenticate, this setup is using SASL and I ran into something which looks like a SASL bug. When using the ldapwhoami command, I am getting the following:

```

auser@host1 ~ $ ldapwhoami

SASL/GSSAPI authentication started

SASL username: auser@ABCD.COM

SASL SSF: 56

SASL data security layer installed.

dn:cn=a user,dc=abcd,dc=com

Segmentation fault

```

Here is the versions and flags for involved components:

```
emerge --info cyrus-sasl openldap mit-krb5

Portage 2.1.10.44 (default/linux/x86/10.0, gcc-4.5.3, glibc-2.13-r4, 3.1.10-gentoo-r1 i686)

=================================================================

                        System Settings

=================================================================

System uname: Linux-3.1.10-gentoo-r1-i686-Intel-R-_Celeron-R-_CPU_2.00GHz-with-gentoo-2.0.3

Timestamp of tree: Fri, 10 Feb 2012 17:45:01 +0000

distcc 3.1 i686-pc-linux-gnu [enabled]

ccache version 3.1.6 [enabled]

app-shells/bash:          4.1_p9

dev-java/java-config:     2.1.11-r3

dev-lang/python:          2.4.6, 2.5.4-r4, 2.6.6-r2, 2.7.2-r3, 3.1.4-r3

dev-util/ccache:          3.1.6

dev-util/cmake:           2.8.6-r4

dev-util/pkgconfig:       0.26

sys-apps/baselayout:      2.0.3

sys-apps/openrc:          0.9.8.4

sys-apps/sandbox:         2.5

sys-devel/autoconf:       2.68

sys-devel/automake:       1.10.3, 1.11.1

sys-devel/binutils:       2.21.1-r1

sys-devel/gcc:            4.5.3-r1

sys-devel/gcc-config:     1.4.1-r1

sys-devel/libtool:        2.4-r1

sys-devel/make:           3.82-r1

sys-kernel/linux-headers: 3.1 (virtual/os-headers)

sys-libs/glibc:           2.13-r4

Repositories: gentoo x-layman x-overlay

ACCEPT_KEYWORDS="x86"

ACCEPT_LICENSE="* -@EULA dlj-1.1 PUEL"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-O2 -march=i686 -pipe"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"

CXXFLAGS="-O2 -march=i686 -pipe"

DISTDIR="/usr/portage/distfiles"

FEATURES="assume-digests binpkg-logs ccache distcc distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"

FFLAGS=""

GENTOO_MIRRORS="http://gentoo.mirrors.tera-byte.com/ http://gentoo.arcticnetwork.ca/source/ http://adelie.polymtl.ca/ http://gentoo.mirrors.tera-byte.com/ ftp://mirror.iawnet.sandia.gov/pub/gentoo/"

LANG="fr_CA.UTF-8"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS="-j4"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/var/lib/layman /usr/local/overlay"

SYNC="rsync://pauli.cids.ca/gentoo-portage"

USE="aac acl aim alsa apache2 berkdb blas bsf bzip2 cgi cli cracklib crypt cscope ctype cups curl curlwrappers cxx dahdi db2 dbm dbx directfb doc dri dv emacs encode enscript examples exif expat fastcgi fbcon ffmpeg fftw flac flatfile fltk fontconfig foomaticdb gb gcj gd gdbm geoip ggi ginac glut gnutls gpg gphoto2 gpm gps gsl gssapi iconv icq idn ieee1394 imagemagick imap imlib inifile ipv6 ithreads jabber jadetex java javascript jbig jikes jingle jpeg junit kerberos lapack lash latex lcms ldap leim lesstif libcaca libedit libgda libnotify libsamplerate libwww lirc lm_sensors loop-aes maildir mailwrapper mbox mcal milter mime mmap mng modplug modules mpi mplayer msn mudflap mule mysql nas ncurses networkmanager nls nntp nptl nptlonly ocaml ocamlopt odbc ofx ogg openal openldap openmp openssl oscar pam pam_krb5 pam_ssh pcmcia pcre pda perl pfpro php plotutils png posix postgres ppds pppd prefork prelude python radius raw readline rss ruby samba sasl scanner session sha512 sharedext sharedmem slang slp smartcard sndfile snmp soap sockets sox speex spl sqlite sqlite3 sse sse2 ssl svga symlink sysfs syslog sysvipc tcl tcpd tetex threads tokenizer truetype unicode usb vhosts vim-syntax vnc vorbis wavpack wddx wifi wmf x264 x86 xattr xinetd xml xmlrpc xorg xpm xsl xulrunner yahoo yaz zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php-5.3 php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================

                        Package Settings

=================================================================

dev-libs/cyrus-sasl-2.1.23-r6 was built with the following:

USE="berkdb crypt java kerberos mysql openldap pam postgres ssl -authdaemond -gdbm -ntlm_unsupported_patch -sample -srp -urandom"

CFLAGS="-O2 -march=i686 -pipe -fno-strict-aliasing"

CXXFLAGS="-O2 -march=i686 -pipe -fno-strict-aliasing"

net-nds/openldap-2.4.28 was built with the following:

USE="berkdb crypt cxx ipv6 kerberos odbc perl samba sasl slp ssl syslog tcpd -debug -experimental -gnutls -icu -iodbc -minimal -overlays (-selinux) -smbkrb5passwd"

CFLAGS="-O2 -march=i686 -pipe -D_GNU_SOURCE"

CXXFLAGS="-O2 -march=i686 -pipe -D_GNU_SOURCE"

app-crypt/mit-krb5-1.9.2-r2 was built with the following:

USE="doc keyutils openldap pkinit threads xinetd -test"

CFLAGS="-O2 -march=i686 -pipe -I/usr/include/et -fno-strict-aliasing -fno-strict-overflow"

CXXFLAGS="-O2 -march=i686 -pipe -I/usr/include/et -fno-strict-aliasing -fno-strict-overflow"

```

Any hints? How can I debug further the SASL library?

----------

## AchilleTalon

After further investigation I found the following:

- Running ldapwhoami from another client did work fine, the only difference I see between both clients is the architecture, one is 32-bits and the other 64-bits. Both are running same version of glibc, sasl, mit-krb5 and openldap.

- I did run the ldapwhoami command with the debugger (gdb) and find the SIGSEGV is happening in the libc library when freeing some pointer, in fact the whole thing is working until that point which is at the very end of the execution. Here is the debugger session:

```
$ gdb ldapwhoami

GNU gdb (Gentoo 7.3.1 p2) 7.3.1

Copyright (C) 2011 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "i686-pc-linux-gnu".

For bug reporting instructions, please see:

<http://bugs.gentoo.org/>...

Reading symbols from /usr/bin/ldapwhoami...(no debugging symbols found)...done.

(gdb) run

Starting program: /usr/bin/ldapwhoami 

[Thread debugging using libthread_db enabled]

SASL/GSSAPI authentication started

SASL username: auser@ABCD.COM

SASL SSF: 56

SASL data security layer installed.

dn:cn=a user,dc=abcd,dc=com

Program received signal SIGSEGV, Segmentation fault.

0xb7e82231 in free () from /lib/libc.so.6

(gdb) 

```

Any ideas? Hints?

----------

