OpenLDAP
Viewing Incoming/6117

From: luca@openldap.org
Subject: Segfault in hdb_index_mask
Date: Thu, 14 May 2009 07:22:36 +0000
From: luca@openldap.org
To: openldap-its@OpenLDAP.org
Subject: Segfault in hdb_index_mask
Full_Name: Luca Scamoni
Version: 2.4.16
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.63.140.131)


Master segfaulted in hdb_index_mask. For some reason desc is NULL.
Backtrace:
#0  0x00de2d92 in hdb_index_mask (be=0x236ec90, desc=0x0, atname=0x236e958) at
index.c:47
        at = (AttributeType *) 0x99f5f48
        ai = (AttrInfo *) 0x0
#1  0x00dd8ca5 in bdb_modify_idxflags (op=0x9c16a28, desc=0x9af4078,
got_delete=1, newattrs=0x5414fdac, oldattrs=0x5414fdac) at modify.c:54
        ap = (Attribute *) 0x5414fdac
        ix2 = {bv_len = 0, bv_val = 0x2370104 ""}
        ix_at = {bv_len = 25, bv_val = 0x99f5998 "certificateRevocationList"}
        ai = (AttrInfo *) 0x9ab07c0
#2  0x00dd98dc in hdb_modify_internal (op=0x9c16a28, tid=0x9ec6628,
modlist=0xa3189f0, e=0x236eaa0, text=0x2370104, textbuf=0x236eb00 "..#",
textlen=256)
    at modify.c:245
        rc = 0
        err = 0
        mod = (Modification *) 0xa3189f0
        ml = (Modifications *) 0xa3189f0
        save_attrs = (Attribute *) 0x5414fdac
        ap = (Attribute *) 0x0
        glue_attr_delete = 0
        got_delete = 1
        __PRETTY_FUNCTION__ = "hdb_modify_internal"
#3  0x00ddab1a in hdb_modify (op=0x9c16a28, rs=0x23700f0) at modify.c:590
        bdb = (struct bdb_info *) 0x9aaf888
        e = (Entry *) 0x545d316c
        ei = (EntryInfo *) 0x9eb8828
        manageDSAit = 0
        textbuf = "..#\000@.#\000....(.6\002.\226\027\000@.#\000\020\000\000\000\024.y\000.\0007\002\220.6\002H.6\002\026wy\000\020\000\000\000@.#\000....`\2352\n`\2352\n\024.y\000h.6\002|wy\000\020\000\000\000\000\000\000\000\220.6\002\000\000\000\000$\000\000\000@.\026\b\006\000\000\000..\024Tl1]T\000\000\000\000x.5\n\000\000\000\000Dj.\tx.5\n\001\000\000\000\001\000\000\000D\2352\n\000\000\000\000\230\n.\t\230\t.\t\224y'\000\220.6\002(.6\002\232#'\000(j.\t.t.S\001\000\000\000..\021\bL\000\000\000\000\200\000\000"...
        textlen = 256
        ltid = (DB_TXN *) 0xa430420
        lt2 = (DB_TXN *) 0x9ec6628
        opinfo = {boi_oe = {oe_next = {sle_next = 0x0}, oe_key = 0x9aaf888},
boi_txn = 0xa430420, boi_locks = 0x0, boi_err = 0, boi_acl_cache = 0 '\0',
  boi_flag = 0 '\0'}
        dummy = {e_id = 0, e_name = {bv_len = 130, bv_val = 0x0}, e_nname =
{bv_len = 130, bv_val = 0x0}, e_attrs = 0x5414fdac, e_ocflags = 65792, e_bv = {
    bv_len = 0, bv_val = 0x0}, e_private = 0x0}
        lock = {off = 148504, ndx = 108, gen = 438195, mode = DB_LOCK_READ}
        num_retries = 0
        preread_ctrl = (LDAPControl **) 0x0
        postread_ctrl = (LDAPControl **) 0x0
        ctrls = {0x0, 0xffffff40, 0x763c2298, 0x1, 0x0, 0x1}
        num_ctrls = 0
        rc = 37153432
#4  0x080fffe2 in overlay_op_walk (op=0x9c16a28, rs=0x23700f0, which=op_modify,
oi=0x9ab0898, on=0x0) at ../../../servers/slapd/backover.c:669
        func = (BI_op_bind **) 0xf5fb8c
        rc = 32768
#5  0x081001a7 in over_op_func (op=0x9c16a28, rs=0x23700f0, which=op_modify) at
../../../servers/slapd/backover.c:721
        oi = (slap_overinfo *) 0x9ab0898
        on = (slap_overinst *) 0x9ab0998
        be = (BackendDB *) 0x9aaf788
        db = {bd_info = 0xf5fb60, bd_self = 0x9aaf788,
  be_ctrls = "\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\000\001",
'\0' <repeats 15 times>, "\001", be_flags = 2312, be_restrictops = 0,
  be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0,
sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0,
    sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix =
0x9aaf5b8, be_nsuffix = 0x9ab0680, be_schemadn = {bv_len = 0, bv_val = 0x0},
  be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 34, bv_val =
0x9ab0718 "cn=Manager,dc=a,dc=prod,dc=actalis"}, be_rootndn = {bv_len = 34,
    bv_val = 0x9ab0758 "cn=manager,dc=a,dc=prod,dc=actalis"}, be_rootpw =
{bv_len = 6, bv_val = 0x9ab0548 "secret"}, be_max_deref_depth = 15,
  be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500,
lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0,
    lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x0, be_dfltaccess =
ACL_READ, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0,
  be_pending_csn_list = 0x9af2488, be_pcl_mutex = {__m_reserved = 0, __m_count =
0, __m_owner = 0x0, __m_kind = 0, __m_lock = {__status = 0,
      __spinlock = 0}}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0xf5f940,
be_private = 0x9aaf888, be_next = {stqe_next = 0x9ab0b98}}
        cb = {sc_next = 0x0, sc_response = 0x80ff283 <over_back_response>,
sc_cleanup = 0, sc_private = 0x9ab0898}
        rc = 32768
        __PRETTY_FUNCTION__ = "over_op_func"
#6  0x0810027d in over_op_modify (op=0x9c16a28, rs=0x23700f0) at
../../../servers/slapd/backover.c:755
No locals.
#7  0x08098538 in fe_op_modify (op=0x9c16a28, rs=0x23700f0) at
../../../servers/slapd/modify.c:301
        update = 0
        repl_user = 0

Message of length 8955 truncated

Followup 1

Date: Thu, 14 May 2009 10:15:58 +0200
From: Luca Scamoni <luca.scamoni@sys-net.it>
To: luca@OpenLDAP.org
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6117) Segfault in hdb_index_mask
Last lines in log file
May 14 07:50:25 quercia01 slapd[29850]: conn=57 op=68 MOD dn="cn=CRL7,ou=Regione Lombardia Certification Authority Cittadini,o=Regione Lombardia,c=IT,dc=a,dc=prod,dc=actalis"
May 14 07:50:25 quercia01 slapd[29850]: conn=57 op=68 MOD attr=certificateRevocationList;binary
May 14 07:50:25 quercia01 slapd[29850]: slap_queue_csn: queing 0x236e980 20090514055025.683019Z#000000#000#000000


Ing. Luca Scamoni
Head of Research and Development

SysNet s.r.l.
Gruppo Partners Associates
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 0382 573859 (137)
Fax:     +39 0382 476497
Email:   luca.scamoni@sys-net.it
-----------------------------------



Followup 2

Date: Thu, 14 May 2009 01:38:51 -0700
From: Howard Chu <hyc@symas.com>
To: luca@OpenLDAP.org
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6117) Segfault in hdb_index_mask
luca@OpenLDAP.org wrote:
> Full_Name: Luca Scamoni
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.63.140.131)
>
>
> Master segfaulted in hdb_index_mask. For some reason desc is NULL.
> Backtrace:

In frame 1 print *ap

> #0  0x00de2d92 in hdb_index_mask (be=0x236ec90, desc=0x0, atname=0x236e958) at
> index.c:47
>          at = (AttributeType *) 0x99f5f48
>          ai = (AttrInfo *) 0x0
> #1  0x00dd8ca5 in bdb_modify_idxflags (op=0x9c16a28, desc=0x9af4078,
> got_delete=1, newattrs=0x5414fdac, oldattrs=0x5414fdac) at modify.c:54
>          ap = (Attribute *) 0x5414fdac
>          ix2 = {bv_len = 0, bv_val = 0x2370104 ""}
>          ix_at = {bv_len = 25, bv_val = 0x99f5998 "certificateRevocationList"}
>          ai = (AttrInfo *) 0x9ab07c0


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 3

Date: Thu, 14 May 2009 11:01:00 +0200
From: Luca Scamoni <luca.scamoni@sys-net.it>
To: Howard Chu <hyc@symas.com>
CC: luca@OpenLDAP.org, openldap-its@OpenLDAP.org
Subject: Re: (ITS#6117) Segfault in hdb_index_mask
Howard Chu wrote:
> 
> In frame 1 print *ap
> 
p *ap
$1 = {a_desc = 0x0, a_vals = 0x0, a_nvals = 0x0, a_numvals = 0, a_flags
= 0, a_next = 0x54149adc}



Ing. Luca Scamoni
Head of Research and Development

SysNet s.r.l.
Gruppo Partners Associates
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 0382 573859 (137)
Fax:     +39 0382 476497
Email:   luca.scamoni@sys-net.it
-----------------------------------



Followup 4

Date: Thu, 14 May 2009 02:09:58 -0700
From: Howard Chu <hyc@symas.com>
To: Luca Scamoni <luca.scamoni@sys-net.it>
CC: luca@OpenLDAP.org, openldap-its@OpenLDAP.org
Subject: Re: (ITS#6117) Segfault in hdb_index_mask
Luca Scamoni wrote:
> Howard Chu wrote:
>>
>> In frame 1 print *ap
>>
> p *ap
> $1 = {a_desc = 0x0, a_vals = 0x0, a_nvals = 0x0, a_numvals = 0, a_flags
> = 0, a_next = 0x54149adc}

Your frame 1 is pretty much impossible - you have oldattrs == newattrs, but in 
frame 2 the attr list was replaced by a duplicate (using attrs_dup, 
modify.c:94). Perhaps you've got a compiler bug.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
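
The invariant cited in this followup (once the attribute list has been duplicated, oldattrs and newattrs cannot be the same pointer), together with the NULL a_desc seen in `p *ap`, written as a check on a simplified model. This is an added example, not OpenLDAP source or code from the thread: `Attr`, `dup_attr_list`, `free_attr_list`, `first_null_desc` and `check_attr_lists` are hypothetical names, and only the field names a_desc and a_next come from the gdb output.

```c
#include <stdlib.h>

/* Simplified stand-in for slapd's Attribute: only the fields this check
 * needs, named after the "p *ap" output in the thread. */
typedef struct Attr {
    const char  *a_desc;   /* stand-in for the attribute description pointer */
    struct Attr *a_next;
} Attr;

enum { LISTS_OK = 0, LISTS_ALIASED = 1, LISTS_NULL_DESC = 2 };  /* bit flags */

/* Hypothetical deep copy: a fresh chain, so its head differs from src. */
Attr *dup_attr_list(const Attr *src)
{
    Attr *head = NULL, **tail = &head;
    for (; src != NULL; src = src->a_next) {
        Attr *n = calloc(1, sizeof *n);
        if (n == NULL) abort();
        n->a_desc = src->a_desc;
        *tail = n;
        tail = &n->a_next;
    }
    return head;
}

void free_attr_list(Attr *a)
{
    for (Attr *next; a != NULL; a = next) { next = a->a_next; free(a); }
}

/* Index of the first node whose a_desc is NULL, or -1 if there is none. */
int first_null_desc(const Attr *a)
{
    for (int i = 0; a != NULL; a = a->a_next, i++)
        if (a->a_desc == NULL)
            return i;
    return -1;
}

/* Flags saying why this pair must not be handed to an index routine. */
int check_attr_lists(const Attr *oldattrs, const Attr *newattrs)
{
    int flags = LISTS_OK;
    if (oldattrs != NULL && oldattrs == newattrs)
        flags |= LISTS_ALIASED;      /* same head: no duplicate was made */
    if (first_null_desc(oldattrs) >= 0 || first_null_desc(newattrs) >= 0)
        flags |= LISTS_NULL_DESC;    /* a node would pass desc=0x0 onward */
    return flags;
}
```

The state shown in frame 1 (one head pointer for both lists, first node zeroed) sets both flags at once.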



Followup 5

Date: Thu, 14 May 2009 14:25:17 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#6117) Segfault in hdb_index_mask

--On May 14, 2009 9:10:27 AM +0000 hyc@symas.com wrote:

> Luca Scamoni wrote:
>> Howard Chu wrote:
>>>
>>> In frame 1 print *ap
>>>
>> p *ap
>> $1 = {a_desc = 0x0, a_vals = 0x0, a_nvals = 0x0, a_numvals = 0, a_flags
>> = 0, a_next = 0x54149adc}
>
> Your frame 1 is pretty much impossible - you have oldattrs == newattrs,
> but in  frame 2 the attr list was replaced by a duplicate (using
> attrs_dup,  modify.c:94). Perhaps you've got a compiler bug.

Hm, do you build with compiler optimizations enabled?  I build all of my 
OpenLDAP builds with -O0 at this point, due to too many issues cropping up 
when optimized builds were used.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 6

Date: Thu, 14 May 2009 23:46:47 +0200
From: Luca Scamoni <luca.scamoni@sys-net.it>
To: quanah@zimbra.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#6117) Segfault in hdb_index_mask
quanah@zimbra.com wrote:
> --On May 14, 2009 9:10:27 AM +0000 hyc@symas.com wrote:
> 
>> Luca Scamoni wrote:
>>> Howard Chu wrote:
>>>> In frame 1 print *ap
>>>>
>>> p *ap
>>> $1 = {a_desc = 0x0, a_vals = 0x0, a_nvals = 0x0, a_numvals = 0, a_flags
>>> = 0, a_next = 0x54149adc}
>> Your frame 1 is pretty much impossible - you have oldattrs == newattrs,
>> but in  frame 2 the attr list was replaced by a duplicate (using
>> attrs_dup,  modify.c:94). Perhaps you've got a compiler bug.
> 
> Hm, do you build with compiler optimizations enabled?  I build all of my 
> OpenLDAP builds with -O0 at this point, due to too many issues cropping up 
> when optimized builds were used.
> 

No. Optimization is disabled in my builds too


Ing. Luca Scamoni
Head of Research and Development

SysNet s.r.l.
Gruppo Partners Associates
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 0382 573859 (137)
Fax:     +39 0382 476497
Email:   luca.scamoni@sys-net.it
-----------------------------------


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org