Discussion:
Exception handling!!!
Pratima Shet
2010-04-20 10:15:12 UTC
Permalink
Hi all,

I am using openldap library in Mac os ( Snow leopard). Some time, my code crashes inside the "liblber".
I am using ldap_start_tls_s(). I think ldap_start_tls_s() is corrupting the ldap handle.
How can I catch the exceptions from the library?

In some link I found out that It supports exception handling.

thanks and regards,
Pratima
m***@aero.polimi.it
2010-04-20 16:37:55 UTC
Permalink
Post by Pratima Shet
Hi all,
I am using openldap library in Mac os ( Snow leopard). Some time, my code
crashes inside the "liblber".
I am using ldap_start_tls_s(). I think ldap_start_tls_s() is corrupting the ldap handle.
How can I catch the exceptions from the library?
In some link I found out that It supports exception handling.
Please make sure you read and follow all guidelines indicated here
<http://www.openldap.org/faq/data/cache/56.html> before continuing the
discussion of this issue. Your message, in its current form, only tells
us you're developing software that at some point calls ldap_start_tls_s().
This is way too vague to configure as a technical discussion.

p.
Pratima Shet
2010-04-21 06:09:31 UTC
Permalink
Hi,
Sorry for insufficient information.
In brief,am trying to connect to LDAP server using following api's

res = ldap_initialize(&ld, ldapuri);
res = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );
res = ldap_start_tls_s(ld, NULL, NULL);
res = ldap_sasl_interactive_bind_s( ld, NULL, "NTLM", NULL, NULL,sasl_flags, saslInteract, &auth );

My code normally works fine, but in one senario after TLS, it crashed inside ldap_sasl_interactive_bind_s()
API.
Crash report says it crashed in "ber_sockbuf_ctrl + 147" inside "liblber" library.
I think, it is possible to avoid the crash, If I could catch exceptions from library.

Any idea?
Thanks and regards,
Pratima
m***@aero.polimi.it
2010-04-21 16:52:22 UTC
Permalink
Post by Pratima Shet
Hi,
Sorry for insufficient information.
In brief,am trying to connect to LDAP server using following api's
res = ldap_initialize(&ld, ldapuri);
res = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );
res = ldap_start_tls_s(ld, NULL, NULL);
res = ldap_sasl_interactive_bind_s( ld, NULL, "NTLM", NULL,
NULL,sasl_flags, saslInteract, &auth );
My code normally works fine, but in one senario after TLS, it crashed
inside ldap_sasl_interactive_bind_s()
API.
Crash report says it crashed in "ber_sockbuf_ctrl + 147" inside "liblber" library.
I think, it is possible to avoid the crash, If I could catch exceptions from library.
What about checking the return value of all calls before
ldap_sasl_interactive_bind_s()? If it's not LDAP_SUCCESS, that's an
exception.

p.
Pratima Shet
2010-04-22 05:15:57 UTC
Permalink
Thanks for your reply.
In last mail, I have mentioned ldap API's used in my code. After all API call, am checking the return value. If it is success, then only am going for next api call, otherwise I will return from that point.
In that crash scenario, ldap_start_tls_s() returned LDAP_SUCCESS, but it crashed inside
ldap_sasl_interactive_bind_s().
That is why, I suspected ldap_start_tls_s() has corrupted the handle.
m***@aero.polimi.it
2010-04-22 16:17:25 UTC
Permalink
Post by Pratima Shet
Thanks for your reply.
In last mail, I have mentioned ldap API's used in my code. After all API
call, am checking the return value. If it is success, then only am going
for next api call, otherwise I will return from that point.
In that crash scenario, ldap_start_tls_s() returned LDAP_SUCCESS, but it
crashed inside
ldap_sasl_interactive_bind_s().
That is why, I suspected ldap_start_tls_s() has corrupted the handle.
Please carefully read instructions here
<http://www.openldap.org/faq/data/cache/56.html>, then report useful
information about what is happening:

- a complete code snippet, without anyone having to guess what happens
between the lines;

- a stack backtrace from a core dump from an *unstripped*, *non-optimized*
build with *debug symbols* in your code *and* in the OpenLDAP libraries

p.
Pratima Shet
2010-04-23 06:03:29 UTC
Permalink
Sorry, this is the first time posting to any forum, So, am missing important data.

Below is the, part of code where am initializing and binding connection with the server.

res = ldap_initialize(&ld, ldapuri);
if( res != LDAP_SUCCESS )
{
char *errorM = NULL;
errorM = ldap_err2string(res);
if(errorM != NULL)
// Print Error

return NULL;
}

if(ld != NULL)
{
res = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );

if(res == LDAP_OPT_SUCCESS)
{
if(ld != NULL)
{
res = ldap_start_tls_s(ld, NULL, NULL);
if(res == LDAP_SUCCESS)
{
if(ld != NULL)
{
res = ldap_sasl_interactive_bind_s( ld, NULL,"NTLM", NULL, NULL,
sasl_flags, saslInteract, &auth );

}
}
}
else
{
//ld is null
}
}
}

And below is the backtrace of the crash.

0 liblber-2.3.0.dylib 0x007b9583 ber_sockbuf_ctrl + 147
1 libldap-2.3.0.dylib 0x007d25ad ldap_host_connected_to + 93
2 libldap-2.3.0.dylib 0x007c67f1 ldap_int_sasl_bind + 177
3 libldap-2.3.0.dylib 0x007c9064 ldap_sasl_interactive_bind_s + 84
4 myApp 0x003f54fb 0x1000 + 4146427
5 myApp 0x003f7e50 0x1000 + 4157008
6 com.apple.Foundation 0x94176ff1 __NSFireMachPort + 325
7 com.apple.CoreFoundation 0x94c03402 __CFMachPortPerform + 338
8 com.apple.CoreFoundation 0x94bff16b __CFRunLoopRun + 6523
9 com.apple.CoreFoundation 0x94bfd0f4 CFRunLoopRunSpecific + 452
10 com.apple.CoreFoundation 0x94bfcf21 CFRunLoopRunInMode + 97
11 com.apple.Foundation 0x9414f380 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 279
12 com.apple.Foundation 0x9414f25d -[NSRunLoop(NSRunLoop) run] + 76
13 com.polycom.CMADesktop 0x003f4c53 0x1000 + 4144211
14 com.apple.Foundation 0x941158dc -[NSThread main] + 45
15 com.apple.Foundation 0x9411588c __NSThread__main__ + 1499
16 libSystem.B.dylib 0x965d5a19 _pthread_start + 345
17 libSystem.B.dylib 0x965d589e thread_start + 34
m***@aero.polimi.it
2010-04-23 17:02:54 UTC
Permalink
Post by Pratima Shet
Sorry, this is the first time posting to any forum, So, am missing important data.
Below is the, part of code where am initializing and binding connection with the server.
res = ldap_initialize(&ld, ldapuri);
if( res != LDAP_SUCCESS )
{
char *errorM = NULL;
errorM = ldap_err2string(res);
if(errorM != NULL)
// Print Error
return NULL;
}
if(ld != NULL)
This test is basically pointless, because if res == LDAP_SUCCESS, ld
cannot be NULL.
Post by Pratima Shet
{
res = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );
if(res == LDAP_OPT_SUCCESS)
{
if(ld != NULL)
This test is not only pointless, but conceptually wrong, because obviously
ldap_set_option() cannot change its value.
Post by Pratima Shet
{
res = ldap_start_tls_s(ld, NULL, NULL);
if(res == LDAP_SUCCESS)
{
if(ld != NULL)
Same here.
Post by Pratima Shet
{
res = ldap_sasl_interactive_bind_s( ld, NULL,"NTLM", NULL, NULL,
sasl_flags, saslInteract, &auth );
}
}
}
else
{
//ld is null
}
}
}
And below is the backtrace of the crash.
0 liblber-2.3.0.dylib 0x007b9583 ber_sockbuf_ctrl + 147
1 libldap-2.3.0.dylib 0x007d25ad ldap_host_connected_to + 93
2 libldap-2.3.0.dylib 0x007c67f1 ldap_int_sasl_bind + 177
3 libldap-2.3.0.dylib 0x007c9064 ldap_sasl_interactive_bind_s + 84
4 myApp 0x003f54fb 0x1000 + 4146427
5 myApp 0x003f7e50 0x1000 + 4157008
6 com.apple.Foundation 0x94176ff1 __NSFireMachPort + 325
7 com.apple.CoreFoundation 0x94c03402 __CFMachPortPerform + 338
8 com.apple.CoreFoundation 0x94bff16b __CFRunLoopRun + 6523
9 com.apple.CoreFoundation 0x94bfd0f4 CFRunLoopRunSpecific + 452
10 com.apple.CoreFoundation 0x94bfcf21 CFRunLoopRunInMode + 97
11 com.apple.Foundation 0x9414f380 -[NSRunLoop(NSRunLoop)
runMode:beforeDate:] + 279
12 com.apple.Foundation 0x9414f25d -[NSRunLoop(NSRunLoop) run] + 76
13 com.polycom.CMADesktop 0x003f4c53 0x1000 + 4144211
14 com.apple.Foundation 0x941158dc -[NSThread main] + 45
15 com.apple.Foundation 0x9411588c __NSThread__main__ + 1499
16 libSystem.B.dylib 0x965d5a19 _pthread_start + 345
17 libSystem.B.dylib 0x965d589e thread_start + 34
This trace is pointless: it doesn't state at what line of code the error
occurs, and it does not allow to know the value of the arguments. Please
follow the guidelines I pointed you to, especially
<http://www.openldap.org/faq/data/cache/59.html> and remember to use an
*unstripped* binary compiled with -g -O0

BTW, I notice a "thread_start" as the first call; is your application
multi-threaded? If yes, are you linking libldap or libldap_r? And, are
you taking precautions to make sure only one thread at a time accesses
your LDAP handler? Finally, do you realize that, even applications
designed to access LDAP handlers concurrently, operations like Start TLS
and bind need to be performed once for each handle, and serially?

p.
Jason Gerfen
2010-04-23 14:12:34 UTC
Permalink
Why don't you add some error checking in or even set some break points?
Obviously it compiles fine so are you certain your certificate is valid?
Don't you need to set your options prior to your initialize? I would try
that first
Post by Pratima Shet
Sorry, this is the first time posting to any forum, So, am missing important data.
Below is the, part of code where am initializing and binding
connection with the server.
res = ldap_initialize(&ld, ldapuri);
if( res != LDAP_SUCCESS )
{
char *errorM = NULL;
errorM = ldap_err2string(res);
if(errorM != NULL)
// Print Error
return NULL;
}
if(ld != NULL)
{
res = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );
if(res == LDAP_OPT_SUCCESS)
{
if(ld != NULL)
{
res = ldap_start_tls_s(ld, NULL, NULL);
if(res == LDAP_SUCCESS)
{
if(ld != NULL)
{
res = ldap_sasl_interactive_bind_s( ld, NULL,"NTLM", NULL, NULL,
sasl_flags, saslInteract, &auth );
}
}
}
else
{
//ld is null
}
}
}
And below is the backtrace of the crash.
0 liblber-2.3.0.dylib 0x007b9583 ber_sockbuf_ctrl + 147
1 libldap-2.3.0.dylib 0x007d25ad
ldap_host_connected_to + 93
2 libldap-2.3.0.dylib 0x007c67f1 ldap_int_sasl_bind
+ 177
3 libldap-2.3.0.dylib 0x007c9064
ldap_sasl_interactive_bind_s + 84
4 myApp 0x003f54fb 0x1000 + 4146427
5 myApp 0x003f7e50 0x1000 + 4157008
6 com.apple.Foundation 0x94176ff1 __NSFireMachPort + 325
7 com.apple.CoreFoundation 0x94c03402 __CFMachPortPerform
+ 338
8 com.apple.CoreFoundation 0x94bff16b __CFRunLoopRun + 6523
9 com.apple.CoreFoundation 0x94bfd0f4
CFRunLoopRunSpecific + 452
10 com.apple.CoreFoundation 0x94bfcf21 CFRunLoopRunInMode + 97
11 com.apple.Foundation 0x9414f380
-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 279
12 com.apple.Foundation 0x9414f25d
-[NSRunLoop(NSRunLoop) run] + 76
13 com.polycom.CMADesktop 0x003f4c53 0x1000 + 4144211
14 com.apple.Foundation 0x941158dc -[NSThread main] + 45
15 com.apple.Foundation 0x9411588c __NSThread__main__
+ 1499
16 libSystem.B.dylib 0x965d5a19 _pthread_start + 345
17 libSystem.B.dylib 0x965d589e thread_start + 34
--
Jason Gerfen
Systems Administration/Web application development
***@scl.utah.edu

Marriott Library
Lab Systems PC
295 South 1500 East
Salt Lake City, Utah 84112-0806
Ext 5-9810
Pratima Shet
2010-04-26 05:47:41 UTC
Permalink
Ya, application is multi threaded, but only one thread will handle all ldap related operations.
I am linking to "libldap" not "libldap_r".
Crash happened only once. Am unabled to reproduce it. So, I dont have much information regarding the
line in the library where it crashed exactly.

Handle was not NULL, but it was corrupted.
Is there any way, to check whether ldap handle is proper or valid apart from NULL check ?

Regards,
Pratima
Philip Guenther
2010-04-26 21:42:40 UTC
Permalink
Post by Pratima Shet
Ya, application is multi threaded, but only one thread will handle all
ldap related operations.
The crypto library that you're using may place its own requirements. In
particular, many versions of openssl are only thread-safe if various
callbacks are set before performing operations concurrently in multiple
threads. You may have only one thread doing ldap related operations
(including ldap_start_tls_s()), but perhaps other threads could be doing
crypto or TLS/SSL operations for other tasks or protocols?
Post by Pratima Shet
I am linking to "libldap" not "libldap_r".
My recall is that libldap_r will set up those openssl thread-safety
callbacks for you while libldap won't.

(That's actually a reason in some cases to *not* use libldap_r, as an
application may have reasons for initializing those before initializing
libldap* or independently of doing so.)
Post by Pratima Shet
Crash happened only once. Am unabled to reproduce it. So, I dont have
much information regarding the line in the library where it crashed
exactly.
Yeah, debugging intermittent issues and race-conditions can be (very)
frustrating.
Post by Pratima Shet
Handle was not NULL, but it was corrupted.
Or the SSL handle inside the LDAP handle was corrupt, or some other static
state was corrupt, or...
Post by Pratima Shet
Is there any way, to check whether ldap handle is proper or valid apart from NULL check ?
In general, no.


Philip Guenther

Continue reading on narkive:
Loading...