Open
Description
My config file looks like this:
ldap_server ad_server {
url "ldaps://192.168.0.73:636/DC=local,DC=lan?uid?sub?(objectClass=posixAccount)";
ssl_check_cert on;
ssl_ca_dir /var/run/ca-trust;
binddn "xxxxxxxxxx";
binddn_passwd "xxxxxxxxxx";
require valid_user;
}
When I remove the ssl_ stuff, it works fine. With it in, however, I get:
...
[alert] 360#360: worker process 405 exited on signal 11
...
Putting things up in GDB, I see the segfault here, in ngx_http_auth_ldap_ssl_handshake_handler:
1340│ if (!addr_verified) { // domain not in cert? try IP
1341│ size_t len; // get IP length
1342├───────────> if (conn->sockaddr->sa_family == 4) len = 4;
1343│ else if (conn->sockaddr->sa_family == 6) len = 16;
1344│ else { // very unlikely indeed
1345│ ngx_http_auth_ldap_close_connection(c);
1346│ return;
1347│ }
1348│ addr_verified = X509_check_ip(cert, (const unsigned char*)conn->sockaddr->sa_data, len, 0);
1349│ }
(gdb) print *conn
$3 = {data = 0x55bdc4c27ff0, read = 0x55bdc4c2c0a0, write = 0x55bdc4c440c0, fd = 21, recv = 0x55bdc45e2078 <ngx_ssl_recv>, send = 0x55bdc45e26f5 <ngx_ssl_write>, recv_chain = 0x55bdc45e2647 <ngx_ssl_recv_chain>, send_chain = 0x55bdc45e3046 <ngx_ssl_send_chain>, listening = 0x0, sent = 0, log = 0x55bdc4b70ec8, pool = 0x55bdc4b70e60, type = 1, sockaddr = 0x0, socklen = 0, addr_text = {len = 0, data = 0x0}, proxy_protocol = 0x0, ssl = 0x55bdc4c28228, udp = 0x0, local_sockaddr = 0x0, local_socklen = 0, buffer = 0x0, queue = {prev = 0x0, next = 0x0}, number = 1, requests = 0, buffered = 0, log_error = 1, timedout = 0, error = 0, destroyed = 0, idle = 0, reusable = 0, close = 0, shared = 0, sendfile = 1, sndlowat = 0, tcp_nodelay = 0, tcp_nopush = 0, need_last_buf = 0, busy_count = 0, sendfile_task = 0x0}
So conn->sockaddr is 0x0, hence the segfault.
Let me know if you need more information. This is running in a docker container (Dockerfile) and was discovered as I was working on an enhancement for my project, idaholab/Malcolm#128
Here's the backtrace into the function:
(gdb) bt
#0 ngx_http_auth_ldap_ssl_handshake_handler (conn=0x7f9260474590, validate=validate@entry=1) at /usr/src/nginx-auth-ldap/ngx_http_auth_ldap_module.c:1326
#1 0x000055aefc148ecf in ngx_http_auth_ldap_ssl_handshake_validating_handler (conn=<optimized out>) at /usr/src/nginx-auth-ldap/ngx_http_auth_ldap_module.c:1383
#2 0x000055aefc09dccf in ngx_ssl_handshake_handler (ev=0x55aefcf530a0) at src/event/ngx_event_openssl.c:1890
#3 0x000055aefc0983ee in ngx_epoll_process_events (cycle=0x55aefce97eb0, timer=<optimized out>, flags=<optimized out>) at src/event/modules/ngx_epoll_module.c:901
#4 0x000055aefc08c5e9 in ngx_process_events_and_timers (cycle=cycle@entry=0x55aefce97eb0) at src/event/ngx_event.c:247
#5 0x000055aefc096104 in ngx_worker_process_cycle (cycle=0x55aefce97eb0, data=<optimized out>) at src/os/unix/ngx_process_cycle.c:750
#6 0x000055aefc09443d in ngx_spawn_process (cycle=cycle@entry=0x55aefce97eb0, proc=proc@entry=0x55aefc095fdd <ngx_worker_process_cycle>, data=data@entry=0x0, name=name@entry=0x55aefc14e746 "worker process", respawn=respawn@entry=-3) at src/os/unix/ngx_process.c:199
#7 0x000055aefc095094 in ngx_start_worker_processes (cycle=cycle@entry=0x55aefce97eb0, n=1, type=type@entry=-3) at src/os/unix/ngx_process_cycle.c:359
#8 0x000055aefc096a17 in ngx_master_process_cycle (cycle=0x55aefce97eb0) at src/os/unix/ngx_process_cycle.c:131
#9 0x000055aefc06b097 in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:382
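A defensive way to obtain the address bytes handed to X509_check_ip, given as an added example that is neither the module's code nor the reporter's: the hypothetical helper `peer_ip_bytes` returns NULL for a NULL sockaddr (the `sockaddr = 0x0` case in the GDB output above) and selects the address through `AF_INET`/`AF_INET6` and the `sin_addr`/`sin6_addr` fields. The sample address is constructed from the URL in the reported config; the check functions and `main` are assumptions made so the block runs on its own.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper (not part of nginx-auth-ldap): returns a pointer to the
 * raw IP bytes inside sa and stores their length in *len, the form
 * X509_check_ip() takes. Returns NULL if sa is NULL or not IPv4/IPv6. */
static const unsigned char *
peer_ip_bytes(const struct sockaddr *sa, size_t *len)
{
    if (sa == NULL || len == NULL) {
        return NULL;                      /* the reported case: sockaddr == 0x0 */
    }
    switch (sa->sa_family) {
    case AF_INET:
        *len = sizeof(struct in_addr);    /* 4 bytes */
        return (const unsigned char *) &((const struct sockaddr_in *) sa)->sin_addr;
    case AF_INET6:
        *len = sizeof(struct in6_addr);   /* 16 bytes */
        return (const unsigned char *) &((const struct sockaddr_in6 *) sa)->sin6_addr;
    default:
        return NULL;                      /* caller should close the connection */
    }
}

/* Constructed sample: 192.168.0.73:636, taken from the config in the report. */
static int sample_ipv4_ok(void)
{
    const unsigned char want[4] = {192, 168, 0, 73};
    struct sockaddr_in sin;
    size_t len = 0;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(636);
    memcpy(&sin.sin_addr, want, sizeof(want));
    const unsigned char *ip = peer_ip_bytes((const struct sockaddr *) &sin, &len);
    return ip != NULL && len == 4 && memcmp(ip, want, 4) == 0;
}

/* NULL pointer and an unsupported family must both be refused. */
static int invalid_inputs_rejected(void)
{
    struct sockaddr sa;
    size_t len = 0;
    memset(&sa, 0, sizeof(sa));           /* sa_family == AF_UNSPEC */
    return peer_ip_bytes(NULL, &len) == NULL && peer_ip_bytes(&sa, &len) == NULL;
}

int main(void) { return (sample_ipv4_ok() && invalid_inputs_rejected()) ? 0 : 1; }
```

A caller that gets NULL back should treat the certificate as unverified and close the connection instead of calling X509_check_ip.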