Re: (ITS#6978) Invalid indentation of splitted lines in LDIF input file causes SEGFAULT
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6978) Invalid indentation of splitted lines in LDIF input file causes SEGFAULT
- From: hyc@symas.com
- Date: Thu, 23 Jun 2011 20:42:07 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
jvcelak@redhat.com wrote:
> Full_Name: Jan Vcelak
> Version: 2.5.25
There is no OpenLDAP version 2.5.
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-20110622-ldif-split-indent-segfault-2.patch
> Submission from: (NULL) (209.132.186.34)
>
>
> Hello,
>
> An input LDIF file with split lines which are indented incorrectly causes
> a SEGFAULT of a client tool. Let me show:
>
> $ cat /tmp/invalid.ldif
> dn: cn=B,dc=my-domain,
> dc=com
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: person
> objectclass: top
> cn: B
> sn: B
> uid: B
> mail: b@example.org
>
> $ ldapmodify -a -x -f /tmp/invalid.ldif -d2048
> ldif_parse_line: missing ':' after dc=com
> ldapmodify: invalid format (line 2) entry: "cn=B,dc=my-domain,"
> Segmentation fault (core dumped)
>
>
> (gdb) bt full
> #0 __strcasecmp_l_ssse3 () at ../sysdeps/x86_64/strcmp.S:214
> No locals.
> #1 0x000000000042d9f3 in ldap_parse_ldif_record_x (rbuf=0x7fffffffdbb0,
> linenum=1, lr=0x7fffffffdb30, errstr=0x7fffffffe197 "ldapmodify", flags=1,
> ctx=0x0) at ldifutil.c:399
There is no file ldifutil.c in OpenLDAP 2.4.
I don't know what you're testing against, but this bug report appears invalid.
Closing.
> fv = 0
> line = 0x668627 "dc=com"
> dn = 0x668614 "cn=B,dc=my-domain,"
> rc = -9
> modop = 0
> expect_modop = 0
> expect_sep = 0
> ldapadd = 1
> new_entry = 1
> delete_entry = 0
> got_all = 0
> pmods = 0x6697e8
> version = 0
> pctrls = 0x0
> i = 1
> j = 0
> k = -1
> idn = 1
> nmods = 1
> bvl = 0x6697f8
> bv = {bv_len = 0, bv_val = 0x0}
> __PRETTY_FUNCTION__ = "ldap_parse_ldif_record_x"
> #2 0x000000000042e524 in ldap_parse_ldif_record (rbuf=0x7fffffffdbb0,
> linenum=1, lr=0x7fffffffdb30, errstr=0x7fffffffe197 "ldapmodify", flags=1) at
> ldifutil.c:565
> No locals.
> #3 0x0000000000406ff8 in process_ldif_rec (rbuf=0x668610 "dn", linenum=1) at
> ldapmodify.c:404
> lr = {lr_op = 0, lr_dn = {bv_len = 18, bv_val = 0x668614
> "cn=B,dc=my-domain,"}, lr_ctrls = 0x0, ldif_ops = {lr_mods = 0x0, ldif_op_rename
> = {lr_newrdn = {bv_len = 0,
> bv_val = 0x0}, lr_newsuperior = {bv_len = 0, bv_val = 0x0},
> lr_deleteoldrdn = 0}, ldif_op_ext = {lr_extop_oid = {bv_len = 0, bv_val = 0x0},
> lr_extop_data = {
> bv_len = 0, bv_val = 0x0}}, ldif_op_cmp = {lr_cmp_attr = {bv_len
> = 0, bv_val = 0x0}, lr_cmp_bvalue = {bv_len = 0, bv_val = 0x0}}}, lr_ctx = 0x0,
> lr_lines = 2,
> lr_lm = 0x6697d0, lr_mops = 0x0, lr_freeval = 0x6699e0 "", lr_vals =
> 0x669930, lr_btype = 0x669880}
> lrflags = 1
> rc = 0
> rbuf_bv = {bv_len = 0,
> bv_val = 0x66862e "objectclass: inetOrgPerson\nobjectclass:
> organizationalPerson\nobjectclass: person\nobjectclass: top\ncn: B\nsn: B\nuid:
> B\nmail: b@example.org\n"}
> #4 0x0000000000406cb7 in main (argc=6, argv=0x7fffffffdd98) at
> ldapmodify.c:316
> rbuf = 0x668610 "dn"
> rejbuf = 0x0
> rejfp = 0x0
> ldiffp = 0x6600a0
> ldifdummy = {fp = 0x0, prev = 0x0}
> matched_msg = 0x448790 "H\211l$\330L\211d$\340H\215-\003\060!"
> error_msg = 0x8000<Address 0x8000 out of bounds>
> rc = 0
> retval = 0
> ldifrc = 1
> len = 4491152
> i = 0
> lineno = 1
> nextline = 11
> lmax = 4119
> c = {{ldctl_oid = 0x7fe0f05<Address 0x7fe0f05 out of bounds>,
> ldctl_value = {bv_len = 5044973646, bv_val = 0x0}, ldctl_iscritical = 0
> '\000'}}
> (gdb) frame 1
> #1 0x000000000042d9f3 in ldap_parse_ldif_record_x (rbuf=0x7fffffffdbb0,
> linenum=1, lr=0x7fffffffdb30, errstr=0x7fffffffe197 "ldapmodify", flags=1,
> ctx=0x0) at ldifutil.c:399
> 399 if ( !BV_CASEMATCH( lr->lr_btype+i,&bv )) {
> (gdb) p *(lr->lr_btype+1)
> $1 = {bv_len = 0, bv_val = 0x668627 "dc=com"}
> (gdb)
>
> bv_len is set incorrectly to zero and therefore the string will be compared
> against bv, which is a "null string".
>
> I have uploaded a patch to address this issue.
>
> With the patch applied, the output is as follows:
>
> ./ldapmodify -a -x -f /tmp/invalid.ldif -d2048
> ldif_parse_line: missing ':' after dc=com
> ldapmodify: invalid format (line 2) entry: "cn=B,dc=my-domain,"
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
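
The failure mode described in the report (a continuation line without its leading space is read as a new line with no ':', and a zero-length entry is then compared against a NULL value) can be illustrated with a small defensive checker. This is an added example, not code from the thread, the uploaded patch or OpenLDAP; `struct sv`, `sv_casematch` and `ldif_check_record` are hypothetical names, and comment lines and base64 values are out of scope.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical length+pointer string, not OpenLDAP's own struct. */
struct sv { size_t len; const char *val; };

/* Case-insensitive compare that never dereferences a NULL value. */
int sv_casematch(const struct sv *a, const struct sv *b)
{
    if (a->len != b->len) return 0;
    if (a->len == 0) return 1;              /* two empty strings are equal */
    if (!a->val || !b->val) return 0;
    for (size_t i = 0; i < a->len; i++)
        if (tolower((unsigned char)a->val[i]) != tolower((unsigned char)b->val[i]))
            return 0;
    return 1;
}

/* A line starting with a space continues the previous one; any other line
 * must be "type:...". Returns the number of types stored in out[], or
 * -(line number) of the first line that is malformed or does not fit. */
int ldif_check_record(const char *rec, struct sv *out, int max)
{
    int n = 0, lineno = 0;
    while (*rec) {
        size_t linelen = strcspn(rec, "\n");
        lineno++;
        if (linelen == 0) break;            /* blank line ends the record */
        if (rec[0] == ' ') {
            if (n == 0) return -lineno;     /* nothing to continue */
        } else {
            const char *colon = memchr(rec, ':', linelen);
            if (!colon || colon == rec || n == max) return -lineno;
            out[n].val = rec;
            out[n].len = (size_t)(colon - rec);
            n++;
        }
        rec += linelen;
        if (*rec == '\n') rec++;
    }
    return n;
}

/* Constructed samples: the report's first two lines, unindented and indented. */
const char SAMPLE_BAD[]  = "dn: cn=B,dc=my-domain,\ndc=com\nobjectclass: top\n";
const char SAMPLE_GOOD[] = "dn: cn=B,dc=my-domain,\n dc=com\nobjectclass: top\n";

/* Exit status 0 when the malformed record is rejected at line 2. */
int main(void) { struct sv t[4]; return ldif_check_record(SAMPLE_BAD, t, 4) != -2; }
```

On a negative return the caller drops the whole record, so no partially filled slot in `out[]` is ever compared.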