[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#5817) ldapadd crashes with '-' in input
Full_Name: Jan Safranek
Version: 2.4.12
OS: Linux (Fedora 9)
URL:
Submission from: (NULL) (89.102.11.105)
ldapadd crashes with assertion 'ldapadd: encode.c:392: ber_put_string: Assertion
`str != ((void *)0)' failed.' on following input:
dn: nisMapName=netgroup.byhost,dc=my-domain,dc=com
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
-
The reason is probably at ldapmodify.c:445, where the lines containing dash are
skipped, apparently for modify operations:
if ( line[0] == '-' && !line[1] ) {
BER_BVZERO( btype+i );
freeval[i] = 0;
continue;
}
ldap_add_ext() seems not to like these empty spaces.
Full backtrace:
(gdb) bt full
#0 0x0000003ea4832215 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x0000003ea4833d83 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x0000003ea482b039 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#3 0x0000000000440e0e in ber_put_string (ber=0x1573390, str=0x0,
tag=18446744073709551615) at encode.c:392
__PRETTY_FUNCTION__ = "ber_put_string"
#4 0x0000000000441f5e in ber_printf (ber=0x1573390, fmt=0x44b34e "s[V]N}") at
encode.c:809
ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffeaf5ed80,
reg_save_area = 0x7fffeaf5ecc0}}
s = 0x0
ss = (char **) 0x0
bv = (struct berval *) 0x7fffeaf5ecf0
bvp = (struct berval **) 0x157b718
rc = 0
i = 2
len = 0
__PRETTY_FUNCTION__ = "ber_printf"
#5 0x0000000000414edd in ldap_add_ext (ld=0x15731d0, dn=0x157c714
"nisMapName=netgroup.byhost,dc=my-domain,dc=com", attrs=0x157b6e8, sctrls=0x0,
cctrls=0x0, msgidp=0x7fffeaf5ee6c) at add.c:154
ber = (BerElement *) 0x1573390
i = 2
rc = 30
id = 2
__PRETTY_FUNCTION__ = "ldap_add_ext"
#6 0x0000000000406c07 in domodify (dn=0x157c714
"nisMapName=netgroup.byhost,dc=my-domain,dc=com", pmods=0x157b6e8, pctrls=0x0,
newentry=1)
at ldapmodify.c:1094
msgid = 0
rc = -352981360
i = 3
j = 4474435
k = 0
notascii = 976894522
op = 0
bvp = (struct berval *) 0xa0
#7 0x00000000004063e9 in process_ldif_rec (rbuf=0x157c786 "", linenum=1) at
ldapmodify.c:866
line = 0x0
dn = 0x157c714 "nisMapName=netgroup.byhost,dc=my-domain,dc=com"
newrdn = 0x0
newsup = 0x0
rc = 0
modop = 0
expect_modop = 0
expect_sep = 0
deleteoldrdn = 1
new_entry = 1
delete_entry = 0
got_all = 0
pmods = (LDAPMod **) 0x157b6e8
lm = (LDAPMod *) 0x157b6a0
version = 0
pctrls = (LDAPControl **) 0x0
i = 5
j = 3
k = 6
lines = 5
idn = 1
nmods = 3
btype = (struct berval *) 0x157b5d0
vals = (struct berval *) 0x157b630
bvl = (struct berval **) 0x157b708
bv = {bv_len = 0, bv_val = 0x0}
freeval = 0x157b690 ""
mops = (unsigned char *) 0x0
#8 0x000000000040458b in main (argc=11, argv=0x7fffeaf5f178) at
ldapmodify.c:341
rbuf = 0x157c710 "dn"
rejbuf = 0x0
rejfp = (FILE *) 0x0
ldiffp = (struct LDIFFP *) 0x1572e50
ldifdummy = {fp = 0x0, prev = 0x0}
matched_msg = 0x4473c0 "H\211l$�L\211|$�H\215-/\034!"
error_msg = 0x0
rc = 0
retval = 0
len = 32767
i = 0
lineno = 1
nextline = 6
lmax = 4147
c = {{ldctl_oid = 0x7fffeaf5f020
"\214�|�����3\020", ldctl_value =
{bv_len = 226974810936, bv_val = 0x3ea480ae20 "\016\001"},
ldctl_iscritical = 0 '\0'}}