OpenLDAP

Viewing Software Bugs/7451

From: jvcelak@redhat.com
Subject: [PATCH] slapcat: fix segfault when unable to get database first entry

Date: Mon, 26 Nov 2012 14:56:50 +0000
From: jvcelak@redhat.com
To: openldap-its@OpenLDAP.org
Subject: [PATCH] slapcat: fix segfault when unable to get database first entry
Full_Name: Jan Vcelak
Version: git master
OS: Linux
URL: ftp://ftp.openldap.org/incoming/jvcelak-121126-slapcat-fix-segfault-unable-to-get-db-first-entry.patch
Submission from: (NULL) (209.132.186.34)


Tool slapcat segfaults when there is an empty slapd.d config directory and
'slapcat -c -H ldap:///cn=config' is invoked.

# gdb --args ./servers/slapd/slapcat -c -H 'ldap:///cn=config'
...
(gdb) r
...
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
# no data for entry id=00000000


Program received signal SIGSEGV, Segmentation fault.
0x000000000052d761 in ldif_tool_entry_next (be=0x8ac250) at
../../../../servers/slapd/back-ldif/ldif.c:1743
1743                    Entry *e = tl->entries[ tl->ecurrent ];
(gdb) bt full
#0  0x000000000052d761 in ldif_tool_entry_next (be=0x8ac250) at
../../../../servers/slapd/back-ldif/ldif.c:1743
        e = 0x8ac250
        tl = 0x989560
#1  0x000000000043c83d in config_tool_entry_next (be=0x9892d0) at
../../../servers/slapd/bconfig.c:7254
        cfb = 0x8ac240
        bi = 0x8a3dc0
#2  0x00000000004f0dac in slapcat (argc=4, argv=0x7fffffffdfe8) at
../../../servers/slapd/slapcat.c:99
        id = 0
        rc = 1
        op = {o_hdr = 0x0, o_tag = 0, o_time = 0, o_tincr = 0, o_bd = 0x9892d0,
o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 0x0},
o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0x0}, oq_bind = {rb_method = 0,
rb_cred = {bv_len = 0, 
                bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0}, rb_ssf = 0,
rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = {rs_ava = 0x0}, oq_modify =
{rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_increment = 0},
oq_modrdn = {rs_mods = {
                rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn =
0, rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val =
0x0}, rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0, rs_deref =
0, rs_slimit = 0, rs_tlimit = 0, 
              rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 0x0,
rs_filterstr = {bv_len = 0, bv_val = 0x0}}, oq_abandon = {rs_msgid = 0},
oq_cancel = {rs_msgid = 0}, oq_extended = {rs_reqoid = {bv_len = 0, bv_val =
0x0}, rs_flags = 0, rs_reqdata = 0x0}, 
            oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0},
rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val = 0x0}, rs_new =
{bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0,
o_cancel = 0, o_groups = 0x0, 
          o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000',
o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000',
o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000',
o_no_subordinate_glue = 0 '\000', 
          o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0,
o_authz =
{sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0,
bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0,
sai_transport_ssf = 0, sai_tls_ssf = 0, 
            sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x0,
o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0, o_extra =
{slh_first = 0x0}, o_next = {stqe_next = 0x0}}
        progname = 0x62e5d8 "slapcat"
        requestBSF = 1
        doBSF = 0
        __PRETTY_FUNCTION__ = "slapcat"
#3  0x0000000000424581 in main (argc=4, argv=0x7fffffffdfe8) at
../../../servers/slapd/main.c:411
        i = 1
        no_detach = 0
        rc = 1
        urls = 0x0
        username = 0x0
        groupname = 0x0
        sandbox = 0x0
        syslogUser = 160
        pid = 0
        waitfds = {-8560, 32767}
        g_argc = 4
        g_argv = 0x7fffffffdfe8
        configfile = 0x0
        configdir = 0x0
        serverName = 0x7fffffffe265 "slapcat"
        serverMode = 1
        scp = 0x0
        scp_entry = 0x0
        debug_unknowns = 0x0
        syslog_unknowns = 0x0
        serverNamePrefix = 0x60c858 ""
        l = 1
        slapd_pid_file_unlink = 0
        slapd_args_file_unlink = 0
        firstopt = 1
        __PRETTY_FUNCTION__ = "main"


The attached file is derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by Red
Hat. Red Hat has not assigned rights and/or interest in this work to any party.
I, Jan Vcelak, am authorized by Red Hat, my employer, to release this work under
the following terms. 

Red Hat hereby places the following modifications to OpenLDAP Software (and only
these modifications) into the public domain. Hence, these modifications may be
freely used and/or redistributed for any purpose with or without attribution
and/or other notice. 

Followup 1

Date: Tue, 27 Nov 2012 14:06:33 -0800
From: Howard Chu <hyc@symas.com>
To: jvcelak@redhat.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#7451) [PATCH] slapcat: fix segfault when unable to get database
 first entry
jvcelak@redhat.com wrote:
> Full_Name: Jan Vcelak
> Version: git master
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-121126-slapcat-fix-segfault-unable-to-get-db-first-entry.patch
> Submission from: (NULL) (209.132.186.34)
>
>
> Tool slapcat segfaults when there is an empty slapd.d config directory and
> 'slapcat -c -H ldap:///cn=config' is invoked.

Not happening here:

violino:~/OD/hobj/tests> ../servers/slapd/slapd -Tc -H ldap:///cn=config -d
-1
50b538d7 slapcat init: initiated tool.
50b538d7 slap_sasl_init: initialized!
50b538d7 hdb_back_initialize: initialize HDB backend
50b538d7 hdb_back_initialize: Berkeley DB 5.3.21: (May 11, 2012)
50b538d7 mdb_back_initialize: initialize MDB backend
50b538d7 mdb_back_initialize: MDB 0.9.4: (September 14, 2012)
50b538d7 backend_startup_one: starting "cn=config"
50b538d7 ldif_read_file: no entry file 
"/usr/local/etc/openldap/slapd.d/cn=config.ldif"
50b538d7 send_ldap_result: conn=-1 op=0 p=0
50b538d7 send_ldap_result: err=32 matched="" text=""
50b538d7 could not stat config file "/usr/local/etc/openldap/slapd.conf": No 
such file or directory (2)
slapcat: bad configuration file!

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 2

Date: Tue, 27 Nov 2012 14:19:43 -0800
From: Howard Chu <hyc@symas.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#7451) [PATCH] slapcat: fix segfault when unable to get database
 first entry
hyc@symas.com wrote:
> jvcelak@redhat.com wrote:
>> Full_Name: Jan Vcelak
>> Version: git master
>> OS: Linux
>> URL: ftp://ftp.openldap.org/incoming/jvcelak-121126-slapcat-fix-segfault-unable-to-get-db-first-entry.patch
>> Submission from: (NULL) (209.132.186.34)
>>
>>
>> Tool slapcat segfaults when there is an empty slapd.d config directory and
>> 'slapcat -c -H ldap:///cn=config' is invoked.
>
> Not happening here:

Your patch is invalid, but it appears there was a bug in the underlying 
back-ldif code. Still, it did not result in a SEGV. back-ldif is now fixed in 
master.

> violino:~/OD/hobj/tests> ../servers/slapd/slapd -Tc -H ldap:///cn=config -d -1
> 50b538d7 slapcat init: initiated tool.
> 50b538d7 slap_sasl_init: initialized!
> 50b538d7 hdb_back_initialize: initialize HDB backend
> 50b538d7 hdb_back_initialize: Berkeley DB 5.3.21: (May 11, 2012)
> 50b538d7 mdb_back_initialize: initialize MDB backend
> 50b538d7 mdb_back_initialize: MDB 0.9.4: (September 14, 2012)
> 50b538d7 backend_startup_one: starting "cn=config"
> 50b538d7 ldif_read_file: no entry file
> "/usr/local/etc/openldap/slapd.d/cn=config.ldif"
> 50b538d7 send_ldap_result: conn=-1 op=0 p=0
> 50b538d7 send_ldap_result: err=32 matched="" text=""
> 50b538d7 could not stat config file "/usr/local/etc/openldap/slapd.conf": No
> such file or directory (2)
> slapcat: bad configuration file!
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 3

From: Jan Včelák <jvcelak@redhat.com>
To: hyc@symas.com
Cc: openldap-its@openldap.org
Subject: Re: (ITS#7451) [PATCH] slapcat: fix segfault when unable to get database first entry
Date: Wed, 28 Nov 2012 10:26:22 +0100
> > Not happening here:
> Your patch is invalid, but it appears there was a bug in the underlying
> back-ldif code. Still, it did not result in a SEGV. back-ldif is now fixed
> in master.

e1ccebcf indeed fixes the problem. (I can see the SEGV when started via gdb.)

Thanks.

Jan



The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org