
(ITS#4179) slapd-meta seg faults if a time attribute is malformed



Full_Name: Ali Pouya
Version: 2.3.11
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (145.242.3.30)


Hi,
I use back-meta against NDS with a specific attribute named loginTime. I extend
the slapd schema to support loginTime as follows:

attributetype ( dgiNDSAttributeType:4
 NAME 'loginTime'
 DESC 'My Attribute'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
 EQUALITY generalizedTimeMatch
 ORDERING generalizedTimeOrderingMatch
 )

If the attribute value is malformed in the target directory then slapd seg
faults.

Example:
loginTime: 20050100102420Z

(I know that 00 January 2005 does not exist).

The back trace and an extract of the slapd detailed log follow.
I can provide more information if required.
Thanks and Best Regards
Ali Pouya

------------------------------------
back trace
(gdb) bt 15
#0  0x0811cdde in ber_bvarray_free_x (a=0x737361, ctx=0x0) at memory.c:757
#1  0x0811ce30 in ber_bvarray_free (a=0x737361) at memory.c:771
#2  0x08060263 in attr_free (a=0x874f2a8) at attr.c:64
#3  0x080bc18f in meta_back_search (op=0x873e0e0, rs=0xb7b9a230) at search.c:1075
#4  0x0805bb82 in fe_op_search (op=0x873e0e0, rs=0xb7b9a230) at search.c:349
#5  0x0805b489 in do_search (op=0x873e0e0, rs=0xb7b9a230) at search.c:219
#6  0x0805a321 in connection_operation (ctx=0xb7b9a2b0, arg_v=0x873e0e0) at connection.c:1061
#7  0x081018c9 in ldap_int_thread_pool_wrapper (xpool=0x86cdb20) at tpool.c:485
#8  0x00f4d341 in start_thread (arg=0xb7b9abb0) at pthread_create.c:261
#9  0x00204fee in ?? () from /lib/tls/libc.so.6
----------------------------------------------------

slapd log extract:
ber_dump: buf=0x0874f568 ptr=0x0874f5a7 end=0x0874f5c7 len=32
  0000:  30 1e 04 09 6c 6f 67 69  6e 54 69 6d 65 31 11 04   0...loginTime1..
  0010:  0f 32 30 30 35 30 31 30  30 31 30 32 34 32 30 5a   .20050100102420Z
ber_scanf fmt ([W]) ber:
ber_dump: buf=0x0874f568 ptr=0x0874f5b4 end=0x0874f5c7 len=19
  0000:  00 11 04 0f 32 30 30 35  30 31 30 30 31 30 32 34   ....200501001024
  0010:  32 30 5a                                           20Z
Segmentation fault (core dumped)
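
An added example, not part of the original report and not OpenLDAP's own code: a stand-alone C check of the GeneralizedTime syntax (1.3.6.1.4.1.1466.115.121.1.24, grammar as in RFC 4517) that can be used to find values such as the one above in a target directory. It rejects 20050100102420Z because the day field is 00. The names gtime_is_valid and two_digits are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>

/* Read exactly two decimal digits at *p and advance; return the value or -1. */
static int two_digits(const char **p, const char *end)
{
    if (end - *p < 2 || !isdigit((unsigned char)(*p)[0]) ||
        !isdigit((unsigned char)(*p)[1]))
        return -1;
    int v = ((*p)[0] - '0') * 10 + ((*p)[1] - '0');
    *p += 2;
    return v;
}

/* Return 1 if val[0..len) is a well-formed GeneralizedTime, else 0. */
int gtime_is_valid(const char *val, size_t len)
{
    static const int mdays[] = {31,28,31,30,31,30,31,31,30,31,30,31};
    const char *p = val, *end = val + len;
    int cc, yy, mon, day, hour, v;

    if ((cc = two_digits(&p, end)) < 0 || (yy = two_digits(&p, end)) < 0 ||
        (mon = two_digits(&p, end)) < 1 || mon > 12 ||
        (day = two_digits(&p, end)) < 1 ||       /* rejects day 00 */
        (hour = two_digits(&p, end)) < 0 || hour > 23)
        return 0;
    int year = cc * 100 + yy;
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    if (day > mdays[mon - 1] + (mon == 2 && leap))
        return 0;
    /* Optional minute, then optional second (60 allows a leap second). */
    if (p < end && isdigit((unsigned char)*p)) {
        if ((v = two_digits(&p, end)) < 0 || v > 59) return 0;
        if (p < end && isdigit((unsigned char)*p) &&
            ((v = two_digits(&p, end)) < 0 || v > 60)) return 0;
    }
    /* Optional fraction: '.' or ',' followed by at least one digit. */
    if (p < end && (*p == '.' || *p == ',')) {
        const char *f = ++p;
        while (p < end && isdigit((unsigned char)*p)) p++;
        if (p == f) return 0;
    }
    /* Mandatory time zone: 'Z' or +/-hh[mm]. */
    if (p == end) return 0;
    if (*p == 'Z') return p + 1 == end;
    if (*p != '+' && *p != '-') return 0;
    p++;
    if ((v = two_digits(&p, end)) < 0 || v > 23) return 0;
    if (p < end && ((v = two_digits(&p, end)) < 0 || v > 59)) return 0;
    return p == end;
}
```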