
Re: (ITS#4180) slapd (back-sql) hangs/segfaults on SASL bind



On 18 Nov 2005 at 0:20, Pierangelo Masarati wrote:

> On Thu, 2005-11-17 at 15:26 -0700, Nels Lindquist wrote:
> > > Can you print the values of authcDN=0xb6c7c678, authzDN=0xb6c7c670
> > > below?
> > 
> > I'm not all that familiar with the operation of gdb... how would I go 
> > about doing that?  I'll check the man pages and see what I can find.
> > 
> > > > #4  0x0808fb77 in slap_sasl_authorized (op=0x9777138,     
> > > > authcDN=0xb6c7c678, authzDN=0xb6c7c670) at saslauthz.c:2074  
> 
> For instance, from this core, do
> (gdb) p *((struct berval *)0xb6c7c678)
> (gdb) p *((struct berval *)0xb6c7c670)
> 
> much like you would do in C.

Here they are (new backtrace, of course):

(gdb) p *((struct berval *)0xb71d7658)
$1 = {bv_len = 29, bv_val = 0xb67fa7b0 "cn=nels lindquist,o=maei,c=ca"}
(gdb) p *((struct berval *)0xb71d7650)
$2 = {bv_len = 1685217607, 
  bv_val = 0x47006e65 <Address 0x47006e65 out of bounds>}

Woah!  That second value is authzDN, and I'm betting it shouldn't be 
1685217607 bytes long...

I'll leave this gdb session open in case there's anything else you'd 
like me to poke at.

> The fact that it cores in printf's internals seems to indicate that some
> garbage was passed to it instead of a valid string.  Note that in
> general printing bervals is not a good idea because in many cases the
> intended value is not '\0' terminated.  We should change that as
> appropriate.

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
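The point Pierangelo makes at the end of the quoted reply, that a berval carries its own length and its bytes are not guaranteed to be '\0'-terminated, is what makes a plain `printf("%s", bv->bv_val)` a read past the end of the buffer, and what makes the garbage `bv_len` in the gdb output above dangerous to trust. The following is an added illustration, not OpenLDAP's code and not from this thread: it redefines a stand-in for `struct berval` locally (so it builds without `lber.h`), formats a value with a length-bounded `%.*s` instead of `%s`, and applies a plausibility check (the `BERVAL_SANE_MAX` bound is an assumed value for the example) that rejects a struct with an uninitialised-looking length such as the 1685217607 seen in the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for OpenLDAP's struct berval (lber.h): a length plus a pointer
 * to bytes that are NOT guaranteed to be NUL-terminated. Defined locally
 * so this example compiles without the OpenLDAP headers. */
struct berval {
    size_t bv_len;
    char  *bv_val;
};

/* Largest DN length we are willing to believe. Assumed value for this
 * example only, not an OpenLDAP constant. */
#define BERVAL_SANE_MAX (64 * 1024)

/* Returns 1 if the berval looks safe to touch: a non-NULL pointer and a
 * length that is not absurd. A struct whose memory was never initialised
 * (bv_len = 1685217607 with an out-of-bounds bv_val, as in the thread)
 * fails this check instead of being handed to printf. */
int berval_plausible(const struct berval *bv)
{
    if (bv == NULL || bv->bv_val == NULL) return 0;
    if (bv->bv_len > BERVAL_SANE_MAX) return 0;
    return 1;
}

/* Formats a berval into out, bounding the read by bv_len rather than
 * relying on a terminating NUL. Returns the number of bytes written
 * (excluding the NUL), or -1 if the value is implausible or the buffer
 * is too small to hold it. */
int berval_format(const struct berval *bv, char *out, size_t outlen)
{
    if (!berval_plausible(bv)) return -1;
    if (outlen == 0 || bv->bv_len >= outlen) return -1;
    /* "%.*s" stops after bv_len bytes; a plain "%s" would keep reading
     * until it happened to find a 0 byte somewhere in memory. */
    return snprintf(out, outlen, "%.*s", (int)bv->bv_len, bv->bv_val);
}

/* Convenience wrapper for logging: returns a pointer to a static buffer
 * holding the formatted value, or NULL if the berval was rejected. */
const char *berval_to_cstr(const struct berval *bv)
{
    static char buf[256];
    return berval_format(bv, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void)
{
    /* Constructed samples: the DN from the thread, a 7-byte value with no
     * terminating NUL at all, and a struct with the garbage length seen
     * in the backtrace (pointer replaced by a valid one so this is safe). */
    struct berval dn = { 29, "cn=nels lindquist,o=maei,c=ca" };
    char raw[7] = "cn=nels";                 /* exactly 7 bytes, no NUL */
    struct berval unterminated = { sizeof raw, raw };
    struct berval junk = { 1685217607UL, "x" };

    printf("dn:   %s\n", berval_to_cstr(&dn));
    printf("raw:  %s\n", berval_to_cstr(&unterminated));
    printf("junk: %s\n", berval_to_cstr(&junk) ? "printed" : "rejected");
    return 0;
}
```

The plausibility bound is a debugging aid, not a substitute for finding why `authzDN` was never initialised; its value is that a logging helper refuses to dereference obvious garbage, so the crash (if any) happens at the real fault rather than inside printf's internals.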