
Re: (ITS#4306) bad ACL syntax in modification to olcAccess attribute crashes slapd



This backtrace shows that syslog() was given a NULL filename argument; 
that particular bug is now fixed in HEAD.

erici@motown.cc.utexas.edu wrote:
>
> 2.3.15 crashes in the same manner as 2.3.14 as far as I can tell.  When
> submitting the following modification I seg fault in the code listed
> below.
>
> dn: olcDatabase={1}bdb,cn=config
> changetype: modify
> delete: olcAccess
> olcAccess: {0}to dn.base=""  by * read
> -
> add: olcAccess
> olcAccess: {0}to dn.base="" by anonymous readby * read
>
>
> (dbx) where
> current thread: t@3
>   [1] strlen(0x0, 0x0, 0xffffffff3abfb4a0, 0x7efefeff, 0x81010100, 0x7), at 0xffffffff7f23d28c
>   [2] _doprnt(0xffffffff3abfa7e0, 0xffffffff3abfa670, 0xffffffff3abfa670, 0x0, 0x73, 0x0), at 0xffffffff7f290300
>   [3] vsnprintf(0xffffffff3abfac47, 0x4c1, 0xffffffff3abfa7e0, 0xffffffff3abfb4a0, 0x81010100, 0xff00), at 0xffffffff7f2924bc
>   [4] vsyslog(0xffffffff7f3c3d50, 0x0, 0xffffffff3abfac47, 0xffffffff3abfabe0, 0x1003b585b, 0xffffffff7f2b046c), at 0xffffffff7f25da
>   [5] _syslog(0x7, 0x1002c8c28, 0x0, 0x0, 0x1003b585b, 0x1003b585b), at 0xffffffff7f25d5ac
> =>[6] parse_acl(be = 0x100485f80, fname = (nil), lineno = 0, argc = 8, argv = 0x1003de290, pos = 0), line 1918 in "aclparse.c"
>   [7] config_generic(c = 0xffffffff3abfed70), line 1182 in "bconfig.c"
>   [8] config_set_vals(Conf = 0x100308c58, c = 0xffffffff3abfed70), line 295 in "config.c"
>   [9] config_add_vals(Conf = 0x100308c58, c = 0xffffffff3abfed70), line 363 in "config.c"
>   [10] config_parse_add(ct = 0x100308c58, c = 0xffffffff3abfed70), line 658 in "config.c"
>   [11] config_modify_internal(ce = 0x10048c880, op = 0x1003eff80, rs = 0xffffffff3abffac8, ca = 0xffffffff3abfed70), line 3907 in "b
>   [12] config_back_modify(op = 0x1003eff80, rs = 0xffffffff3abffac8), line 3984 in "bconfig.c"
>   [13] fe_op_modify(op = 0x1003eff80, rs = 0xffffffff3abffac8), line 398 in "modify.c"
>   [14] do_modify(op = 0x1003eff80, rs = 0xffffffff3abffac8), line 200 in "modify.c"
>   [15] connection_operation(ctx = 0xffffffff3abffc30, arg_v = 0x1003eff80), line 1307 in "connection.c"
>   [16] ldap_int_thread_pool_wrapper(xpool = 0x10035c440), line 481 in "tpool.c"
>
>
> Putting a space between "read" and "by" works properly as expected.
>
> Attached is the output from slapd with '-d -1' starting near the bind.
>
> I don't know if P.M.'s advice to modify a constant at compile time was
> meant to address the silence of the crash or the crash itself, but I'll
> take a look at that tomorrow.
>
> Cheers, all.
>
> On Thu, 5 Jan 2006 Kurt@OpenLDAP.org wrote:
>
>> At 11:02 AM 1/5/2006, erici@motown.cc.utexas.edu wrote:
>>> Full_Name: Eric Irrgang
>>> Version: 2.3.14
>>> OS: Solaris 9
>>> URL:
>>> Submission from: (NULL) (128.83.217.14)
>>>
>>>
>>> slapd crashes quietly and abruptly when an invalid ACL is added via cn=config.
>>> An ACL that would normally prevent server startup due to syntax errors will
>>> cause the OL 2.3.14 to crash when added via ldapmodify to "dn:
>>> olcDatabase={1}bdb,cn=config".
>>>       
>> And a core stack backtrace (gdb 'bt') as well.
>>
>> Also, as 2.3.15 includes some fixes in the area of ACLs, as
>> well as a Solaris-specific crasher, you should attempt to
>> duplicate the problem in 2.3.15.
>>
>> Kurt


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
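
The failure mode in this thread, shown as an added example that is not part of the original messages and is not the OpenLDAP fix: in frame [6] `parse_acl()` runs with `fname = (nil)` because the value came in through cn=config rather than a file, and the NULL reaches a `%s` conversion in the log call. The helper names `safe_str` and `format_parse_error`, the `<dynamic config>` label and the sample messages are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not OpenLDAP code: substitute a fixed label for a
 * NULL string so it can never reach a %s conversion. */
static const char *safe_str(const char *s, const char *fallback)
{
    return s ? s : fallback;
}

/* Build the text of a parse error.  fname is NULL when there is no config
 * file behind the value (the cn=config case in the backtrace above).
 * Returns bytes written (excluding the NUL), or -1 on error or truncation. */
int format_parse_error(char *out, size_t outlen,
                       const char *fname, int lineno, const char *detail)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;

    if (fname != NULL)
        n = snprintf(out, outlen, "%s: line %d: %s",
                     fname, lineno, safe_str(detail, "(no detail)"));
    else
        /* Passing NULL to %s is undefined behaviour.  Some libcs print
         * "(null)"; the trace above shows _doprnt calling strlen(0x0). */
        n = snprintf(out, outlen, "<dynamic config>: %s",
                     safe_str(detail, "(no detail)"));

    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= outlen)
        return -1;              /* truncated, but still NUL-terminated */
    return n;
}

int main(void)
{
    char buf[128];

    /* Constructed inputs: a file-based parse, then a cn=config modify. */
    format_parse_error(buf, sizeof buf, "slapd.conf", 12, "unexpected token");
    puts(buf);
    format_parse_error(buf, sizeof buf, NULL, 0, "unexpected token");
    puts(buf);
    return 0;
}
```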