Summary:ASTERISK-11593: Asterisk segfaults when 'md5secret = userPassword' in res_ldap.conf
Reporter:Gonzalo Servat (gservat)Labels:
Date Opened:2008-03-06 14:31:33.000-0600Date Closed:2010-10-21 08:10:36
Versions:Frequency of
Environment:Attachments:( 0) 20080411__bug12163.diff.txt
( 1) backtrace.txt
( 2) debug_trace.txt

I had res_config_ldap working relatively well when I decided to change md5secret to point at 'userPassword'. Reason for this is that I prefer to manage one password attribute for each user, and not 2. Now, when I try and connect from a SIP client, Asterisk segfaults (every time). If I change md5secret back to AstAccountRealmedPassword, it starts working again (sometimes it allows me to login with any password, other times it requires the right password .. but that's another issue altogether)

I've attached the backtrace from gdb. Unfortunately my C is not good enough (nor  my knowledge of the Asterisk internals) to troubleshoot this one. I will happily test if someone finds the problem and attaches a patch.

Thanks in advance!
Comments:By: Gonzalo Servat (gservat) 2008-03-06 14:47:41.000-0600

I think, from the debug trace, the problem is the contents of "ap". Some wierd and funny characters in there. No idea where they came from, though! userPassword contains a standard md5 string for the user I'm trying to authenticate with.

By: Tilghman Lesher (tilghman) 2008-03-07 09:54:34.000-0600

Please recompile with DONT_OPTIMIZE and obtain a backtrace, as specified in doc/backtrace.txt.

By: Gonzalo Servat (gservat) 2008-03-07 11:50:47.000-0600

Hi, sorry about that. I wasn't aware that document existed. I've just uploaded backtrace.txt as per the instructions.

I did a bit more investigating and it appears that, even though when I use ldapsearch I see the userPassword string in plain ASCII, it's encoded in the DB itself. I was talking to suretec (Gavin) about this and he said since res_config_ldap.c uses libldap, it should receive the string the way that ldapsearch receives it (ie. plain text). Anyway, not sure if this helps, just thought I'd mention the outcome that I got from digging in a little. I hope the backtrace.txt helps track down the issue.


By: sasikala (sasikala) 2008-03-12 07:04:54

you made res_config_ldap get it working. Do you have any document how did go and do that? . If you have please give me that document. I need to do ldap authentication for the sip clients. If you give the document or steps it will be helpful for me to do the same.

Thanks in advance.

By: W. Michael Petullo (flyn) 2008-04-11 03:42:33

I have a similar problem in Asterisk 1.6 beta 7 on a PowerPC-based laptop.

Everything works when I use "md5secret = realmedPassword."

But, when I use "md5secret = AstAccountRealmedPassword," Asterisk crashes.

My LDAP database contains:

AstAccountRealmedPassword: {MD5}b85e24480ec3f72a10fc02917f8cfe61

By: Tilghman Lesher (tilghman) 2008-04-11 13:00:15

Candidate patch uploaded.

By: Gonzalo Servat (gservat) 2008-04-11 16:56:37


Thanks for the patch. At least Asterisk doesn't crash now, but it's allowing me to authenticate with *any* password. I commented out 'secret = AstAccountSecret' and uncommented 'md5secret = userPassword', restart Asterisk, tried to register and got in with any password (tried with any random characters). This happened with both; SIP and IAX. I also tried setting 'auth=md5' in iax.conf but it didn't help.

Any thoughts?

By: Tilghman Lesher (tilghman) 2008-04-11 17:04:54

Check out issue ASTERISK-11830

By: Digium Subversion (svnbot) 2008-04-11 18:07:36

Repository: asterisk
Revision: 114085

U   trunk/res/res_config_ldap.c

r114085 | tilghman | 2008-04-11 18:07:30 -0500 (Fri, 11 Apr 2008) | 7 lines

Use the correct function for free'ing objects, and maybe we won't crash.
(closes issue ASTERISK-11593)
Reported by: gservat
      20080411__bug12163.diff.txt uploaded by Corydon76 (license 14)
Tested by: gservat



By: Digium Subversion (svnbot) 2008-04-11 18:08:34

Repository: asterisk
Revision: 114086

_U  branches/1.6.0/
U   branches/1.6.0/res/res_config_ldap.c

r114086 | tilghman | 2008-04-11 18:08:25 -0500 (Fri, 11 Apr 2008) | 15 lines

Merged revisions 114085 via svnmerge from

r114085 | tilghman | 2008-04-11 18:12:16 -0500 (Fri, 11 Apr 2008) | 7 lines

Use the correct function for free'ing objects, and maybe we won't crash.
(closes issue ASTERISK-11593)
Reported by: gservat
      20080411__bug12163.diff.txt uploaded by Corydon76 (license 14)
Tested by: gservat