9871 – bind operations on relay entries cause slapd to segfault with rwm and ppolicy enabled

Issue 9871 - bind operations on relay entries cause slapd to segfault with rwm and ppolicy enabled

Summary: bind operations on relay entries cause slapd to segfault with rwm and ppolicy...

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	2.5.12
Hardware:	All All

Importance:	--- normal
Target Milestone:	2.5.13
Assignee:	Howard Chu

URL:
Keywords:

Duplicates (1):	7966 (view as issue list)
Depends on:
Blocks:

Reported:	2022-06-24 00:30 UTC by subbarao@computer.org
Modified:	2022-07-14 21:18 UTC (History)
CC List:	1 user (show)

See Also:	7468

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description subbarao@computer.org 2022-06-24 00:30:09 UTC

On 2.5.12, slapd crashes during bind operations on relay entries with rwm and ppolicy both enabled. A simple way to reproduce this issue is to edit tests/scripts/relay and tests/data/slapd-relay.conf as follows, and then run test030-relay. I think this issue is the same as ITS#7966 reported in 2014.

--- tests/scripts/relay.orig	2022-05-04 07:57:30.000000000 -0700
+++ tests/scripts/relay	2022-06-23 17:16:42.020652093 -0700
@@ -356,6 +356,16 @@
 	exit 1
 fi
 
+$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD <<EOF > /dev/null 2>&1
+dn: cn=ppolicy,dc=example,dc=com
+objectClass: top
+objectClass: device
+objectClass: pwdPolicy
+cn: ppolicy
+pwdMinLength: 5
+pwdAttribute: userPassword
+EOF
+
 BASEDN="o=Example,c=US"
 echo "Changing password to database \"$BASEDN\"..."
 $LDAPPASSWD -H $URI1 -D "cn=Manager,$BASEDN" -w $PASSWD \


--- tests/data/slapd-relay.conf.orig	2022-05-04 07:57:30.000000000 -0700
+++ tests/data/slapd-relay.conf	2022-06-23 16:57:15.184456120 -0700
@@ -31,6 +31,8 @@
 #metamod#moduleload back_meta.la
 #rwmmod#modulepath ../servers/slapd/overlays/
 #rwmmod#moduleload rwm.la
+#ppolicymod#modulepath ../servers/slapd/overlays/
+#ppolicymod#moduleload ppolicy.la
 
 #######################################################################
 # database definitions
@@ -46,6 +48,9 @@
 #ndb#dbname db_1
 #ndb#include @DATADIR@/ndb.conf
 
+overlay ppolicy
+ppolicy_default cn=ppolicy,dc=example,dc=com
+
 database	@RELAY@
 suffix		"o=Example,c=US"
 ### back-relay can automatically instantiate the rwm overlay

Comment 1 Howard Chu 2022-06-24 15:51:51 UTC

Thanks for the test case. Fixed in https://git.openldap.org/openldap/openldap/-/merge_requests/543

Please test and followup, thanks.

Comment 2 Quanah Gibson-Mount 2022-06-24 16:12:40 UTC

*** Issue 7966 has been marked as a duplicate of this issue. ***

Comment 3 subbarao@computer.org 2022-06-24 17:08:34 UTC

On 6/24/22 11:51 AM, openldap-its@openldap.org wrote:
> --- Comment #1 from Howard Chu <hyc@openldap.org> ---
> Thanks for the test case. Fixed in
> https://git.openldap.org/openldap/openldap/-/merge_requests/543
>
> Please test and followup, thanks.

I applied those code changes to 2.5.12 and it works. Thanks for the 
quick response Howard!

Regards,

     -Kartik

Comment 4 Quanah Gibson-Mount 2022-06-29 17:49:09 UTC

head:

  • 4e3687cd 
by Howard Chu at 2022-06-24T16:49:45+01:00 
ITS#9871 slapo-ppolicy: use explicit backend in bind_response

Comment 5 Quanah Gibson-Mount 2022-06-29 17:53:14 UTC

RE26:

  • 3e7003c0 
by Howard Chu at 2022-06-29T17:49:43+00:00 
ITS#9871 slapo-ppolicy: use explicit backend in bind_response


RE25:

  • 6a95709a 
by Howard Chu at 2022-06-29T17:51:59+00:00 
ITS#9871 slapo-ppolicy: use explicit backend in bind_response