OpenLDAP

Viewing Incoming/6464

From: csdr@lthd.com
Subject: Buffer overflow

Date: Thu, 28 Jan 2010 13:33:50 +0000
From: csdr@lthd.com
To: openldap-its@OpenLDAP.org
Subject: Buffer overflow
Full_Name: Chis-Serban Dinu-Razvan
Version: 2.4.21
OS: Fedora 12
URL: http://lthd.com/out1.txt
Submission from: (NULL) (193.231.233.40)


I have a master ldap server running openldap 2.4.21 and 3 replicas running
2.4.15 and 2.4.19, and when I try to delete/rename an object, the master dies
with a buffer overflow error. I mention that before the master was 2.4.15 and
the replica running 2.4.19 died. I have updated the master to 2.4.19 and it
started dying. Then I upgraded it to 2.4.21 and it still dies. It dies even if
the syncprov is off.

Followup 1

Date: Sat, 30 Jan 2010 15:05:26 -0800
From: Howard Chu <hyc@symas.com>
To: csdr@lthd.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#6464) Buffer overflow
csdr@lthd.com wrote:
> Full_Name: Chis-Serban Dinu-Razvan
> Version: 2.4.21
> OS: Fedora 12
> URL: http://lthd.com/out1.txt
> Submission from: (NULL) (193.231.233.40)
>
>
> I have a master ldap server running openldap 2.4.21 and 3 replicas running
> 2.4.15 and 2.4.19, and when I try to delete/rename an object, the master
> dies with a buffer overflow error. I mention that before the master was
> 2.4.15 and the replica running 2.4.19 died. I have updated the master to
> 2.4.19 and it started dying. Then I upgraded it to 2.4.21 and it still dies.
> It dies even if the syncprov is off.
>
Please provide a stack trace from this crash. Be sure to compile with debug 
symbols enabled and no optimization, otherwise we won't be able to track 
anything down.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 2

Date: Mon, 01 Feb 2010 11:54:00 +0200
From: Dinu-Razvan Chis-Serban <csdr@lthd.com>
To: OpenLDAP ITS <openldap-its@openldap.org>
Subject: Re: (ITS#6464) Buffer overflow
Sorry.
I hope this helps: http://lthd.com/slapd.out

On 01/31/2010 01:05 AM, Howard Chu wrote:
> csdr@lthd.com wrote:
>> Full_Name: Chis-Serban Dinu-Razvan
>> Version: 2.4.21
>> OS: Fedora 12
>> URL: http://lthd.com/out1.txt
>> Submission from: (NULL) (193.231.233.40)
>>
>>
>> I have a master ldap server running openldap 2.4.21 and 3 replicas
>> running 2.4.15 and 2.4.19, and when I try to delete/rename an object, the
>> master dies with a buffer overflow error. I mention that before the master
>> was 2.4.15 and the replica running 2.4.19 died. I have updated the master
>> to 2.4.19 and it started dying. Then I upgraded it to 2.4.21 and it still
>> dies. It dies even if the syncprov is off.
>>
> Please provide a stack trace from this crash. Be sure to compile with 
> debug symbols enabled and no optimization, otherwise we won't be able 
> to track anything down.
>



Reply 1

From: Ralf Haferkamp <openldap-its@OpenLDAP.org>
To: csdr@lthd.com
Subject: Re: (ITS#6464) Buffer overflow
Date: Wed Feb 17 00:22:14 2010
CC: openldap-its@OpenLDAP.org
> Sorry.
> I hope this helps: http://lthd.com/slapd.out
Hm, that's not a stack backtrace
(http://www.openldap.org/faq/index.cgi?file=59), but apart from that, it
looks like you are hit by ITS#6474. Please test again with current HEAD. Or
apply the changes between 1.168 and 1.169 of servers/slapd/back-bdb/dn2id.c
from CVS to your 2.4.21 release:

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/dn2id.c.diff?r1=1.168&r2=1.169&hideattic=1&sortbydate=0&f=h

-- 
Ralf


Followup 3

Date: Wed, 17 Feb 2010 12:56:28 +0200
From: Dinu-Razvan Chis-Serban <csdr@lthd.com>
To: OpenLDAP ITS <openldap-its@openldap.org>
Subject: Re: (ITS#6464) Buffer overflow
Well .. it worked.

Here are the stack traces if you need them anymore (I thought strace
did that) ...

http://www.lthd.com/thread_apply_all_bt.txt
and
http://www.lthd.com/bt_full.txt

Thank you.

PS: I am surprised that no one has encountered that bug, which comes from
version 2.4.19 (AFAIK)



Followup 4

From: Ralf Haferkamp <rhafer@suse.de>
To: csdr@lthd.com
Subject: Re: (ITS#6464) Buffer overflow
Date: Wed, 17 Feb 2010 15:06:56 +0100
Cc: openldap-its@openldap.org
On Wednesday 17 February 2010 11:57:27, csdr@lthd.com wrote:
> Well .. it worked.
> 
> Here are the stack traces if you need them anymore (I thought strace
> did that) ...
> 
> http://www.lthd.com/thread_apply_all_bt.txt
> and
> http://www.lthd.com/bt_full.txt
> 
> Thank you.
> 
> PS: I am surprised that no one has encountered that bug, which comes from
> version 2.4.19 (AFAIK)
This problem only appears when using pretty recent gcc versions and when
building with -D_FORTIFY_SOURCE=2 (at least for me).

-- 
Ralf



The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org