
Re: (ITS#4180) slapd (back-sql) hangs/segfaults on SASL bind



On Fri, 2005-11-18 at 21:45 +0000, Nels@maei.ca wrote:

> Breakpoint 1, slap_sasl_canonicalize (sconn=0x9f3d1d0, context=0xb757cb88, 
>     in=0x9f3e510 "nels", inlen=135677768, flags=1, user_realm=0x0, 
>     out=0x9f3dbe1 "", out_max=256, out_len=0x9f3da40) at sasl.c:543
> 543             Connection *conn = (Connection *)context;
> 
> [...]
> 
> 629             prop_set( props, names[0], (char *)&dn, sizeof( dn ) );
> (gdb) p sizeof(dn)
> $1 = 8
> (gdb) p ((char *)&dn)[0]@8
> $2 = "\035\000\000\000¨÷�¶"
> 
> 629             prop_set( props, names[0], (char *)&dn, sizeof( dn ) );
> (gdb) p sizeof(dn)
> $3 = 8
> (gdb) p ((char *)&dn)[0]@8
> $4 = "\035\000\000\000¨÷�¶"
> 
> 627             names[1] = NULL;
> (gdb) 
> 629             prop_set( props, names[0], (char *)&dn, sizeof( dn ) );
> (gdb) p sizeof(dn)
> $5 = 8
> (gdb) p ((char *)&dn)[0]@8
> $6 = "\035\000\000\000¨÷�¶"

OK


> Second time through, it never made it to prop_set().  Here's the 
> entire step-through:
> 
> Breakpoint 1, slap_sasl_canonicalize (sconn=0x9f3d1d0, 
> context=0xb757cb88, 
>     in=0x9f3e510 "nels", inlen=135677768, flags=2, user_realm=0x0, 
>     out=0x9f3dae0 "", out_max=256, out_len=0x9f3da3c) at sasl.c:543
> 543             Connection *conn = (Connection *)context;
> 544             struct propctx *props = sasl_auxprop_getctx( sconn );
> 542     {
> 543             Connection *conn = (Connection *)context;
> 545             struct propval auxvals[3] = { 0 };
> 544             struct propctx *props = sasl_auxprop_getctx( sconn );
> 545             struct propval auxvals[3] = { 0 };
> 551             *out_len = 0;
> 556                     in ? in : "<empty>");
> 561             if ( inlen > out_max )
> 569             if ( !conn->c_sasl_bindop ||
> 573             prop_getnames( props, slap_propnames, auxvals );
> 574             if ( !auxvals[0].name )
> 577             if ( flags & SASL_CU_AUTHID )
> 583             if ( !auxvals[PROP_CONN].values ) {
> 577             if ( flags & SASL_CU_AUTHID )
> 583             if ( !auxvals[PROP_CONN].values ) {
> 590             if ( auxvals[which].values )

^^^ This shouldn't have happened.  auxvals[which].values here contains
garbage instead of 0, although we reset it at 545 before calling
prop_getnames() at 573.  Could you make sure, e.g. by executing

(gdb) p auxvals

before calling prop_getnames(), that all the fields are initially zero,
and see how they get filled by that call?

Note, I suspect from your prints that you optimized the build.  Could
you try building with -O0, just in case?

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
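An added illustration, not code from this thread or from OpenLDAP, of the two things being examined above: the "p auxvals" check Pierangelo asks for (every field of the `struct propval` array zero at sasl.c:545, and `.values` still NULL after `prop_getnames()` at 573 when nothing has been stored yet), and how to read the raw bytes gdb printed for `(char *)&dn` (the `struct berval` that slapd passes to `prop_set()` by value). The `struct propval` layout is modeled on Cyrus SASL's, `demo_prop_getnames()` is a stand-in for the real library call, and the 8 sample bytes are constructed from the quoted gdb output, assuming the reporter's 32-bit little-endian build (one byte was garbled in the mail and is a placeholder).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout modeled on Cyrus SASL's struct propval (<sasl/prop.h>); this copy is
 * an assumption made for the demo, not the library header. */
struct propval {
    const char  *name;
    const char **values;
    unsigned     nvalues;
    unsigned     valsize;
};

/* Constructed stand-in for slap_propnames: the properties slapd asks for. */
static const char *const demo_propnames[] = { "conn", "authcDN", NULL };
#define PROP_CONN 0

/* Stand-in for prop_getnames(): fills only .name of each requested slot and
 * terminates the list. It never touches .values, so a non-NULL .values after
 * this call can only come from memory that was not zero to begin with. */
static int demo_prop_getnames(const char *const *names, struct propval *vals)
{
    int n = 0;
    for (; names[n] != NULL; n++)
        vals[n].name = names[n];
    vals[n].name = NULL;
    return n;
}

/* The check behind "(gdb) p auxvals": every field of every slot is zero. */
int auxvals_all_zero(const struct propval *vals, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (vals[i].name != NULL || vals[i].values != NULL ||
            vals[i].nvalues != 0 || vals[i].valsize != 0)
            return 0;
    return 1;
}

/* Replays lines 545 -> 573 -> 590 of the trace on a fresh context.
 * Returns 1 when the array starts all-zero and .values stays NULL, which is
 * the expected outcome; 0 is the "garbage instead of 0" symptom. */
int run_canonicalize_sequence(void)
{
    struct propval auxvals[3] = { 0 };                 /* sasl.c:545 */
    if (!auxvals_all_zero(auxvals, 3))
        return 0;
    demo_prop_getnames(demo_propnames, auxvals);       /* sasl.c:573 */
    for (int i = 0; i < 3; i++)                        /* sasl.c:583/590 */
        if (auxvals[i].values != NULL)
            return 0;
    return auxvals[PROP_CONN].name != NULL &&
           strcmp(auxvals[PROP_CONN].name, "conn") == 0;
}

/* Bytes constructed from the quoted gdb output for ((char *)&dn)[0]@8:
 * "\035\000\000\000" followed by the pointer bytes 0xa8 0xf7 ?? 0xb6
 * (the third pointer byte was garbled in the mail; 0x00 is a placeholder). */
static const unsigned char demo_dn_bytes[8] =
    { 0x1d, 0x00, 0x00, 0x00, 0xa8, 0xf7, 0x00, 0xb6 };

/* Decodes the first field of a 32-bit little-endian struct berval (bv_len)
 * from the raw bytes; the remaining 4 bytes are the bv_val pointer. */
uint32_t berval_len_from_bytes(const unsigned char *raw)
{
    return (uint32_t)raw[0] | ((uint32_t)raw[1] << 8)
         | ((uint32_t)raw[2] << 16) | ((uint32_t)raw[3] << 24);
}

uint32_t demo_dn_len(void)
{
    return berval_len_from_bytes(demo_dn_bytes);
}

int main(void)
{
    printf("auxvals sequence ok: %d\n", run_canonicalize_sequence());
    printf("bv_len stored by prop_set: %u\n", (unsigned)demo_dn_len());
    return 0;
}
```

The decoded `bv_len` of 29 is the length of the canonical DN that the first pass stored; `prop_set()` copies `sizeof(dn)` bytes of the `struct berval` itself (length plus pointer), not the DN string, which is why the gdb print shows a small integer followed by pointer bytes rather than text.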