224295 – net/nss-pam-ldapd - libressl - Stack overflow

Bug 224295 - net/nss-pam-ldapd - libressl - Stack overflow

Summary: net/nss-pam-ldapd - libressl - Stack overflow

Status:	Closed Not Accepted

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Ryan Steinmetz

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-12-12 20:43 UTC by RyanB
Modified:	2017-12-13 15:12 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (zi)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description RyanB 2017-12-12 20:43:23 UTC

Hello,

Compiling this package against libressl instead of openssl causes a stack overflow in nslcd when an authentication attempt comes in.

From messages:

Dec  7 16:21:06 <server> nslcd: stack overflow detected; terminated
Dec  7 16:21:06 <server> kernel: <118>Dec  7 16:21:06 <server> nslcd: stack overflow detected; terminated

The exact same configuration compiled against openssl works just fine.

The nslcd.conf file:

pagesize 1000
referrals off
filter shadow (&(objectClass=posixAccount)(!(objectClass=computer))(uidNumber=*))
map shadow shadowLastChange  pwdLastSet
uid nslcd
gid nslcd
uri ldap://<ldapserver>:389
base dc=domain,dc=tld
ssl starttls
tls_cacertdir /usr/local/etc/openldap/certs
binddn cn=bindacct,dc=domain,dc=tld
bindpw bindpassword

Comment 1 Ryan Steinmetz freebsd_committer

2017-12-12 22:05:38 UTC

Probably best to work with upstream development to resolve this.

Comment 2 RyanB 2017-12-13 15:12:49 UTC

Sounds good, will take this upstream.