OpenLDAP
Viewing Incoming/6667
From: miguelangel@nbee.es
Subject: memberof infinite recursion on node rename
Date: Thu, 07 Oct 2010 09:17:58 +0000
From: miguelangel@nbee.es
To: openldap-its@OpenLDAP.org
Subject: memberof infinite recursion on node rename
Full_Name: Miguel Angel Ajo Pelayo
Version: 2.4.23 stable
OS: Linux (Centos5)
URL: 
Submission from: (NULL) (95.16.169.142)


 I detected that my (compiled from source) OpenLDAP crashes on node
rename. I ran gdb and detected an infinite (too big) recursion that seems to be
related to the "memberof" overlay.




This is the GDB / debug output:


>>> dnNormalize: <cn=aaa aaavzadadfa,dc=nbee,dc=es>
<<< dnNormalize: <cn=aaa aaavzadadfa,dc=nbee,dc=es>
bdb_modrdn: new ndn=cn=aaa aaavzadadfa,dc=nbee,dc=es
=> bdb_dn2id("cn=aaa aaavzadadfa,dc=nbee,dc=es")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_dn2id_delete 0x11: "cn=aaa aaavzadadf,dc=nbee,dc=es"
<= bdb_dn2id_delete 0x11: 0
=> bdb_dn2id_add 0x11: "cn=aaa aaavzadadfa,dc=nbee,dc=es"
<= bdb_dn2id_add 0x11: 0
bdb_modify_internal: 0x00000011: cn=aaa aaavzadadfa,dc=nbee,dc=es
oc_check_required entry (cn=aaa aaavzadadfa,dc=nbee,dc=es),
objectClass "inetOrgPerson"
oc_check_required entry (cn=aaa aaavzadadfa,dc=nbee,dc=es),
objectClass "posixAccount"
oc_check_allowed type "givenName"
oc_check_allowed type "sn"
oc_check_allowed type "gidNumber"
oc_check_allowed type "uid"
oc_check_allowed type "uidNumber"
oc_check_allowed type "userPassword"
oc_check_allowed type "loginShell"
oc_check_allowed type "homeDirectory"
oc_check_allowed type "objectClass"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "cn"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(DELETE,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> key_change(ADD,11)
<= key_change 0
=> entry_encode(0x00000011): cn=aaa aaavzadadfa,dc=nbee,dc=es
<= entry_encode(0x00000011): cn=aaa aaavzadadfa,dc=nbee,dc=es
bdb_modrdn: rdn modified id=00000011 dn="cn=aaa aaavzadadf,dc=nbee,dc=es"
send_ldap_result: conn=1007 op=2 p=3

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79e7b90 (LWP 11613)]
0x080eaf7e in over_op_func (op=0xb79e680c, rs=0xb79e67d0,
which=op_aux_chk_controls) at backover.c:713
713                     db = *op->o_bd;


#0  0x080eaf7e in over_op_func (op=0xb79e680c, rs=0xb79e67d0,
which=op_aux_chk_controls) at backover.c:713
#1  0x080eb21c in over_aux_chk_controls (op=0xb79e680c, rs=0xb79e67d0)
at backover.c:814
#2  0x0807bc38 in backend_check_restrictions (op=0xb79e680c,
rs=0xb79e67d0, opdata=0x0) at backend.c:1036
#3  0x0806e1fa in fe_op_search (op=0xb79e680c, rs=0xb79e67d0) at search.c:334
#4  0x080eae42 in overlay_op_walk (op=0xb79e680c, rs=0xb79e67d0,
which=op_search, oi=0x8304f40, on=0x0) at backover.c:669
#5  0x080eaff7 in over_op_func (op=0xb79e680c, rs=0xb79e67d0,
which=op_search) at backover.c:721
#6  0x080eb0a6 in over_op_search (op=0xb79e680c, rs=0xb79e67d0) at
backover.c:748
#7  0x0806e3a3 in fe_op_search (op=0xb79e680c, rs=0xb79e67d0) at search.c:366

[.......] A LOT of recursion...

#37385 0x080eaff7 in over_op_func (op=0xb79e680c, rs=0xb79e67d0,
which=op_search) at backover.c:721
#373

Message of length 6993 truncated
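
Added example (not part of the original report and not OpenLDAP code): a small Python helper for triaging a deep gdb backtrace like the one above by finding the frame sequence that repeats. Frames #0-#7 are copied from the report; frames #8-#15 are constructed repeats standing in for the elided part, and the helper names are illustrative.

```python
import re

# Frames #0-#7 copied from the report's backtrace (wrapped lines joined).
REPORTED = [
    "#0  0x080eaf7e in over_op_func (op=0xb79e680c, rs=0xb79e67d0, which=op_aux_chk_controls) at backover.c:713",
    "#1  0x080eb21c in over_aux_chk_controls (op=0xb79e680c, rs=0xb79e67d0) at backover.c:814",
    "#2  0x0807bc38 in backend_check_restrictions (op=0xb79e680c, rs=0xb79e67d0, opdata=0x0) at backend.c:1036",
    "#3  0x0806e1fa in fe_op_search (op=0xb79e680c, rs=0xb79e67d0) at search.c:334",
    "#4  0x080eae42 in overlay_op_walk (op=0xb79e680c, rs=0xb79e67d0, which=op_search, oi=0x8304f40, on=0x0) at backover.c:669",
    "#5  0x080eaff7 in over_op_func (op=0xb79e680c, rs=0xb79e67d0, which=op_search) at backover.c:721",
    "#6  0x080eb0a6 in over_op_search (op=0xb79e680c, rs=0xb79e67d0) at backover.c:748",
    "#7  0x0806e3a3 in fe_op_search (op=0xb79e680c, rs=0xb79e67d0) at search.c:366",
]
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(.*\) at (\S+:\d+)$")

def sample_backtrace(extra_cycles=2):
    """Reported frames plus CONSTRUCTED repeats of #4-#7 for the elided part."""
    lines = list(REPORTED)
    for k in range(extra_cycles * 4):
        lines.append(f"#{8 + k}  {REPORTED[4 + k % 4].split(None, 1)[1]}")
    return "\n".join(lines)

def parse_frames(text):
    """Return [(function, 'file:line'), ...], innermost frame first."""
    found = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(2), m.group(3)) for m in found if m]

def find_cycle(frames, min_repeats=2):
    """Return (start, period) of the shortest frame sequence that repeats
    through to the end of the trace, or None if nothing repeats enough."""
    n = len(frames)
    for start in range(n):
        for period in range(1, (n - start) // min_repeats + 1):
            if all(frames[i] == frames[i + period]
                   for i in range(start, n - period)):
                return start, period
    return None

def predicted_frame(frames, index):
    """Frame the detected cycle predicts at a given depth (None if no cycle)."""
    hit = find_cycle(frames)
    if hit is None:
        return None
    start, period = hit
    return frames[start + (index - start) % period]

if __name__ == "__main__":
    frames = parse_frames(sample_backtrace())
    print(find_cycle(frames), predicted_frame(frames, 37385))
```

On the sample this finds a four-frame cycle starting at #4, and the frame it predicts at depth 37385 is over_op_func at backover.c:721, which agrees with frame #37385 shown in the report.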

Followup 1

Date: Fri, 08 Oct 2010 10:07:47 +0200
From: Pierangelo Masarati <masarati@aero.polimi.it>
To: miguelangel@nbee.es
CC: openldap-its@openldap.org
Subject: Re: (ITS#6667) memberof infinite recursion on node rename
Can you provide a minimal example that triggers the problem?  You should 
boil it down to:

- the slapd.conf or the contents of the cn=config database
- the LDIF needed to populate the database
- the operation that causes the problem (I presume it's a modify or a 
write operation, so you should be able to provide it in the form of LDIF and 
main parameters, e.g. the identity that is performing the operation).

Thanks, p.

