
ldapsearch coredump in ber_free after referral to dead server (ITS#937)



Full_Name: Andrew Findlay
Version: 2.0.7
OS: Linux (Red Hat 6.2)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.222.142.75)


ldapsearch crash in OpenLDAP 2.0.7:

I have a local slapd running, with referral set to ldap://root.openldap.org

When I run a search with a base object of dc=openldap,dc=org the ldapsearch
client crashes in io.c. At present, the LDAP server on ldap.openldap.org
is not accepting connections.

Details from GDB and debug flags follow.

Andrew

Andrew.Findlay@skills-1st.co.uk

------------------------------------------------------------------------

[andrew@blue-atlas tools]$ gdb ldapsearch
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) run -C -x -b 'dc=openldap,dc=org' 'objectclass=*'
Starting program: /home/src/openldap-2.0.7/clients/tools/ldapsearch -C -x -b
'dc=openldap,dc=org' 'objectclass=*'
version: 2

#
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 10 Referral
text: DNS SRV generated referrals
ref: ldap://ldap.openldap.org:389

# numResponses: 1
ldapsearch: io.c:183: ber_free: Assertion `(( ber )->ber_opts.lbo_valid==0x2)'
failed.

Program received signal SIGABRT, Aborted.
0x40080d41 in __kill () from /lib/libc.so.6
(gdb) where
#0  0x40080d41 in __kill () from /lib/libc.so.6
#1  0x400809b6 in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2  0x400820d8 in abort () at ../sysdeps/generic/abort.c:88
#3  0x4007abae in __assert_fail () at assert.c:59
#4  0x805e8c7 in ber_free (ber=0x80f6610, freebuf=1) at io.c:183
#5  0x8056e82 in ldap_free_request (ld=0x80f4be8, lr=0x80f6690)
    at request.c:557
#6  0x8056e41 in ldap_free_request (ld=0x80f4be8, lr=0x80f64b0)
    at request.c:542
#7  0x8054f4a in ldap_ld_free (ld=0x80f4be8, close=1, sctrls=0x0, cctrls=0x0)
    at unbind.c:72
#8  0x8054ee3 in ldap_unbind_ext (ld=0x80f4be8, sctrls=0x0, cctrls=0x0)
    at unbind.c:37
#9  0x8054f21 in ldap_unbind (ld=0x80f4be8) at unbind.c:54
#10 0x804ca7b in main (argc=1, argv=0xbffff974) at ldapsearch.c:873


It appears that a sanity check is failing because ldap_unbind is trying
to free a connection structure that was not completely set up due to the
unreachable server.

Saucer does not appear to suffer from this problem.

The output when '-d 1' is used follows:
------------------------------------------------------------------------
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: blue-atlas.skills-1st.co.uk
ldap_delayed_open successful, ld_host is (null)
ldap_send_server_request
ber_flush: 14 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Dec 22 17:13:39 2000

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter "objectclass=*"
put_filter: default
put_simple_filter "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 57 bytes to sd 3
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Dec 22 17:13:39 2000

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 40 contents:
ldap_read: message type search-result msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({v}) ber:
ldap_chase_v3referrals
ldap_url_parse(ldap://root.openldap.org)
re_encode_request: new msgid 3, new dn <NONE>
ber_scanf fmt ({it) ber:
ber_scanf fmt ({a) ber:
ldap_chase_v3referral: msgid 2, url "ldap://root.openldap.org";
ldap_send_server_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying 204.152.186.56:389
ldap_connect_timeout: fd: 5 tm: -1 async: 0
ldap_ndelay_on: 5
ldap_is_sock_ready: 5
ldap_ndelay_off: 5
ldap_int_sasl_open: public.openldap.org
anonymous rebind via ldap_bind_s
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 14 bytes to sd 5
ldap_result msgid 4
ldap_chkResponseList for msgid=4, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 4
wait4msg continue, msgid 4, all 1
** Connections:
* host: root.openldap.org  port: 389
  refcnt: 2  status: Connected
  last used: Fri Dec 22 17:13:39 2000
  rebind in progress
    queue is empty

* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Dec 22 17:13:39 2000

** Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 1, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=4, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 4, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 4, original id 4
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({iaa}) ber:
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 4
request 4 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ber_flush: 57 bytes to sd 5
read1msg:  referral chased, mark request completed, id = 2
read1msg:  1 new referrals
wait4msg continue, msgid -1, all 0
** Connections:
* host: root.openldap.org  port: 389
  refcnt: 1  status: Connected
  last used: Fri Dec 22 17:13:40 2000

* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Dec 22 17:13:39 2000

** Outstanding Requests:
 * msgid 3,  origid 2, status InProgress
   outstanding referrals 0, parent count 1
 * msgid 2,  origid 2, status Request Completed
   outstanding referrals 1, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
ldap_read: message type search-result msgid 3, original id 2
ber_scanf fmt ({iaa) ber:
ber_scanf fmt ({v}) ber:
ldap_chase_v3referrals
ldap_url_parse(ldap://ldap.openldap.org:389)
re_encode_request: new msgid 5, new dn <NONE>
ber_scanf fmt ({it) ber:
ber_scanf fmt ({a) ber:
ldap_chase_v3referral: msgid 3, url "ldap://ldap.openldap.org:389";
ldap_send_server_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 204.152.186.57:389
ldap_connect_timeout: fd: 6 tm: -1 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_is_socket_ready: error on socket 6: errno: 111 (Connection refused)
ldap_close_socket: 6
ldap_err2string
Unable to chase referral "ldap://ldap.openldap.org:389"; (Can't contact LDAP
server)
read1msg:  referral chased, mark request completed, id = 3
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (v) ber:
ber_scanf fmt (}) ber:
ldap_err2string
ldap_unbind
ldap_free_request (origid 2, msgid 3)
ldap_free_request (origid 2, msgid 2)
ldap_free_request (origid 2, msgid 1075121640)
ldapsearch: io.c:183: ber_free: Assertion `(( ber )->ber_opts.lbo_valid==0x2)'
failed.
version: 2

#
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 10 Referral
text: DNS SRV generated referrals
ref: ldap://ldap.openldap.org:389

# numResponses: 1
------------------------------------------------------------------------
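
A triage helper for traces like the one above, added here as an example and not part of the original report or of OpenLDAP: it replays `-d 1` output, records every msgid the trace shows as issued, and flags any `ldap_free_request` on a msgid that was never issued. The regular expressions are assumptions derived only from the line formats visible in this trace, and the sample input is a constructed excerpt of those lines.

```python
import re

# Constructed excerpt: lines taken from the '-d 1' trace in the report above.
SAMPLE_TRACE = """\
ldap_result msgid 1
ldap_free_request (origid 1, msgid 1)
re_encode_request: new msgid 3, new dn <NONE>
ldap_result msgid 4
ldap_free_request (origid 4, msgid 4)
 * msgid 3,  origid 2, status InProgress
 * msgid 2,  origid 2, status Request Completed
re_encode_request: new msgid 5, new dn <NONE>
ldap_is_socket_ready: error on socket 6: errno: 111 (Connection refused)
ldap_free_request (origid 2, msgid 3)
ldap_free_request (origid 2, msgid 2)
ldap_free_request (origid 2, msgid 1075121640)
"""

# Lines that show a msgid exists (assumed formats, taken from this trace only).
# "ldap_result msgid -1" is a wildcard wait and is deliberately not matched.
ISSUED = [
    re.compile(r"^ldap_result msgid (\d+)"),
    re.compile(r"re_encode_request: new msgid (\d+)"),
    re.compile(r"^\s*\* msgid (\d+),"),
]
FREED = re.compile(r"^ldap_free_request \(origid (\d+), msgid (-?\d+)\)")


def audit_trace(text):
    """Return (findings, never_freed) for a libldap debug trace."""
    live, freed, findings = set(), set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FREED.match(line)
        if m:
            msgid = int(m.group(2))
            if msgid in freed:
                findings.append((lineno, msgid, "freed twice"))
            elif msgid not in live:
                findings.append((lineno, msgid, "freed but never issued"))
            freed.add(msgid)
            continue
        for pat in ISSUED:
            m = pat.search(line)
            if m:
                live.add(int(m.group(1)))
                break
    return findings, sorted(live - freed)


if __name__ == "__main__":
    print(audit_trace(SAMPLE_TRACE))
```

On the excerpt it reports msgid 1075121640 as freed without ever being issued, and msgid 5 as issued but never freed.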