Full_Name: John Alex. Version: 2.4.40 OS: FreeBSD 9.3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (91.140.25.22) When those two overlays are configured in this order: {0}memberof, {1}dds, slapd will segfault at startup if dds finds a dynamicObject entry that is past its expiration time. This does not occur if an object expires while slapd is running, only during startup. Changing the order of those overlays to be {0}dds, {1}memberof avoids this issue. Sample config (without schema entries): dn: cn=config objectClass: olcGlobal cn: config olcConfigDir: slapd.d olcArgsFile:2F2Fvar/run/openldap/slapd.args olcAttributeOptions: lang- olcLogLevel: stats olcPidFile: /var/run/openldap/slapd.pid dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/local/libexec/openldap olcModuleLoad: {0}back_mdb dn: olcDababase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" manage by * break olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read olcSchemaDN: cn=Subschema dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern lal,cn=auth" manage olcAddContentAcl: TRUE olcRootDN: cn=admin,cn=config dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb olcDbDirectory: /var/db/openldap-data/testing olcSuffix: dc=example,dc=com olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" manage by * break olcAccess: {1}to attrs=userPassword by anonymous auth olcAccess: {2}to dn.base="dc=example,dc=com"yby * read olcRootDN: cn=admin,dc=example,dc=com olcDbIndex: objectClass eq olcDbIndex: ou,uid eq olcDbIndex: entryExpireTimestamp eq olcDbMaxSize: 4294967296 dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {0}memberof dn: olcOverlay={1}dds,olcDatabase={1}mdb,cn=config objectClass: olcDDSConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {1}dds olcDDSinterval: 60 Steps to reproduce: 1. Create a dynamicObject entry, set a ttl of 60 seconds 2. Shut down the openldap server 3. Wait a couple minutes, then start the server
On Wed, May 06, 2015 at 05:48:53PM +0000, alexoz66@gmail.com wrote: >When those two overlays are configured in this order: {0}memberof, {1}dds, slapd >will segfault at startup if dds finds a dynamicObject entry that is past its >expiration time. This does not occur if an object expires while slapd is >running, only during startup. Program received signal SIGSEGV, Segmentation fault. 0x000000000051c232 in memberof_isGroupOrMember (op=0x7fffffffd960, mci=0xa444f8) at memberof.c:293 293 an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname; (gdb) bt full #0 0x000000000051c232 in memberof_isGroupOrMember (op=0x7fffffffd960, mci=0xa444f8) at memberof.c:293 rs2 = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} on = 0x8caa80 mo = 0x8cac70 op2 = {o_hdr = 0x7fffffffdad0, o_tag = 99, o_time = 1430939704, o_tincr = 2, o_bd = 0x7fffffffd680, o_req_dn = {bv_len = 25, bv_val = 0xa444a8 "cn=test,dc=example,dc=com"}, o_req_ndn = {bv_len = 25, bv_val = 0xa444a8 "cn=test,dc=example,dc=com"}, o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0xffffffff00000001}, oq_bind = {rb_method = 0, rb_cred = {bv_len = 18446744069414584321, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x7fffffffd360 "`\325\377\377\377\177"}, rb_ssf = 10763168, rb_mech = {bv_len = 69, bv_val = 0xa42aa8 "(&(objectClass=dynamicObject)(entryExpireTimestamp<=201505061915P"}}, oq_compare = {rs_ava = 0x0}, oq_modify = {rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 1 '\001'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 1 '\001'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x7fffffffd360 "`\325\377\377\377\177"}, rs_nnewrdn = {bv_len = 10763168, bv_val = 0x45 <error: Cannot access memory at address 0x45>}, rs_newSup = 0xa42aa8, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0, rs_deref = 0, rs_slimit = 1, rs_tlimit = -1, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x7fffffffd360, rs_filter = 0xa43ba0, rs_filterstr = {bv_len = 69, bv_val = 0xa42aa8 "(&(objectClass=dynamicObject)(entryExpireTimestamp<=201505061915P"}}, oq_abandon = {rs_msgid = 0}, oq_cancel = {rs_msgid = 0}, oq_extended = {rs_reqoid = {bv_len = 0, bv_val = 0xffffffff00000001 <error: Cannot access memory at address 0xffffffff00000001>}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0xffffffff00000001 <error: Cannot access memory at address 0xffffffff00000001>}, rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 140737488343904, bv_val = 0xa43ba0 "\240"}, rs_new = {bv_len = 69, bv_val = 0xa42aa8 "(&(objectClass=dynamicObject)(entryExpireTimestamp<=201505061915P"}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x7fffffffdc18, o_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 25, bv_val = 0x8ca830 "cn=root,dc=example,dc=com"}, sai_ndn = {bv_len = 25, bv_val = 0x8ca860 "cn=root,dc=example,dc=com"}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x7fffffffd3b0, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}} cb = {sc_next = 0x0, sc_response = 0x51beec <memberof_saveMember_cb>, sc_cleanup = 0x0, sc_writewait = 0x0, sc_private = 0x7fffffffd340} bi = 0x8caa80 an = {{an_name = {bv_len = 140737488344416, bv_val = 0x7fffffffd740 "`\250\214"}, an_desc = 0x0, an_flags = 15, an_oc = 0x5}, {an_name = {bv_len = 0, bv_val = 0x0}, an_desc = 0x7fffffffd740, an_flags = 10758752, an_oc = 0x18}} iswhat = MEMBEROF_IS_NONE mc = {ad = 0x0, vals = 0x0, foundit = 0} __PRETTY_FUNCTION__ = "memberof_isGroupOrMember" #1 0x000000000051e097 in memberof_op_delete (op=0x7fffffffd960, rs=0x7fffffffd8b0) at memberof.c:783 on = 0x8caa80 mo = 0x8cac70 sc = 0xa444d0 mci = 0xa444f8 oex = 0x0 #2 0x00000000004baa58 in overlay_op_walk (op=0x7fffffffd960, rs=0x7fffffffd8b0, which=op_delete, oi=0x8ca890, on=0x8caa80) at backover.c:681 bi = 0x8caa80 rc = 32768 #3 0x00000000004bad1c in over_op_func (op=0x7fffffffd960, rs=0x7fffffffd8b0, which=op_delete) at backover.c:749 oi = 0x8ca890 on = 0x8cad30 be = 0x8c99d0 db = {bd_info = 0x8caa80, bd_self = 0x8c99d0, be_ctrls = "\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\001", '\000' <repeats 16 times>, "\001", be_flags = 3336, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x8ca650, be_nsuffix = 0x8ca680, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 25, bv_val = 0x8ca830 "cn=root,dc=example,dc=com"}, be_rootndn = {bv_len = 25, bv_val = 0x8ca860 "cn=root,dc=example,dc=com"}, be_rootpw = {bv_len = 6, bv_val = 0x8ca5b0 "secret"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x0, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x93dda0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x802d40 <mdbocs>, be_private = 0x7ffff7f2a010, be_next = {stqe_next = 0x0}} cb = {sc_next = 0x7fffffffd930, sc_response = 0x4b9acc <over_back_response>, sc_cleanup = 0x0, sc_writewait = 0x0, sc_private = 0x8ca890} sc = 0x1ffffda98 rc = 32768 __PRETTY_FUNCTION__ = "over_op_func" #4 0x00000000004baece in over_op_delete (op=0x7fffffffd960, rs=0x7fffffffd8b0) at backover.c:806 No locals. #5 0x00000000005177ce in dds_expire (ctx=0x825dc0 <ldap_int_main_thrctx>, di=0x8caf20) at dds.c:221 conn = {c_struct_state = SLAP_C_UNINITIALIZED, c_conn_state = SLAP_C_INVALID, c_conn_idx = -1, c_sd = 0, c_close_reason = 0x0, c_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_sb = 0x0, c_starttime = 0, c_activitytime = 0, c_connid = 18446744073709551615, c_peer_domain = {bv_len = 0, bv_val = 0x57d3a0 ""}, c_peer_name = {bv_len = 0, bv_val = 0x57d3a0 ""}, c_listener = 0x585740 <dummy_list>, c_sasl_bind_mech = {bv_len = 0, bv_val = 0x0}, c_sasl_dn = {bv_len = 0, bv_val = 0x0}, c_sasl_authz_dn = {bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x0, c_authz_cookie = 0x0, c_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, c_protocol = 0, c_ops = {stqh_first = 0x0, stqh_last = 0x0}, c_pending_ops = {stqh_first = 0x0, stqh_last = 0x0}, c_write1_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write1_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align = 0}, c_write2_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write2_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align = 0}, c_currentber = 0x0, c_writers = 0, c_writing = 0 '\000', c_sasl_bind_in_progress = 0 '\000', c_writewaiter = 0 '\000', c_sasl_layers = 0 '\000', c_sasl_done = 0 '\000', c_sasl_authctx = 0x0, c_sasl_sockctx = 0x0, c_sasl_extra = 0x0, c_sasl_cbind = 0x0, c_sasl_bindop = 0x0, c_txn = 0, c_txn_backend = 0x0, c_txn_ops = {stqh_first = 0x0, stqh_last = 0x0}, c_pagedresults_state = {ps_be = 0x0, ps_size = 0, ps_count = 0, ps_cookie = 0, ps_cookieval = {bv_len = 0, bv_val = 0x0}}, c_n_ops_received = 0, c_n_ops_executing = 0, c_n_ops_pending = 0, c_n_ops_completed = 0, c_n_get = 0, c_n_read = 0, c_n_write = 0, c_extensions = 0x0, c_clientfunc = 0x0, c_clientarg = 0x0, c_send_ldap_result = 0x44239d <slap_send_ldap_result>, c_send_search_entry = 0x443071 <slap_send_search_entry>, c_send_search_reference = 0x445030 <slap_send_search_reference>, c_send_ldap_extended = 0x442bee <slap_send_ldap_extended>, c_send_ldap_intermediate = 0x442e5f <slap_send_ldap_intermediate>} opbuf = {ob_op = {o_hdr = 0x7fffffffdad0, o_tag = 74, o_time = 1430939704, o_tincr = 2, o_bd = 0x7fffffffd680, o_req_dn = {bv_len = 25, bv_val = 0xa444a8 "cn=test,dc=example,dc=com"}, o_req_ndn = {bv_len = 25, bv_val = 0xa444a8 "cn=test,dc=example,dc=com"}, o_request = {oq_add = {rs_modlist = 0x2, rs_e = 0x10ffffffff}, oq_bind = {rb_method = 2, rb_cred = {bv_len = 73014444031, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x800dc0 <anlist_no_attrs> "\003"}, rb_ssf = 10763168, rb_mech = {bv_len = 69, bv_val = 0xa42aa8 "(&(objectClass=dynamicObject)(entryExpireTimestamp<=201505061915P"}}, oq_compare = {rs_ava = 0x2}, oq_modify = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = -1 '\377'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = -1 '\377'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x800dc0 <anlist_no_attrs> "\003"}, rs_nnewrdn = {bv_len = 10763168, bv_val = 0x45 <error: Cannot access memory at address 0x45>}, rs_newSup = 0xa42aa8, rs_nnewSup = 0x0}, oq_search = {rs_scope = 2, rs_deref = 0, rs_slimit = -1, rs_tlimit = 16, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x800dc0 <anlist_no_attrs>, rs_filter = 0xa43ba0, rs_filterstr = {bv_len = 69, bv_val = 0xa42aa8 "(&(objectClass=dynamicObject)(entryExpireTimestamp<=201505061915P"}}, oq_abandon = {rs_msgid = 2}, oq_cancel = {rs_msgid = 2}, oq_extended = {rs_reqoid = {bv_len = 2, bv_val = 0x10ffffffff <error: Cannot access memory at address 0x10ffffffff>}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 2, bv_val = 0x10ffffffff <error: Cannot access memory at address 0x10ffffffff>}, rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 8392128, bv_val = 0xa43ba0 "\240"}, rs_new = {bv_len = 69, bv_val = 0xa42aa8 "(&(objectClass=dynamicObject)(entryExpireTimestamp<=201505061915P"}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x7fffffffdc18, o_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 25, bv_val = 0x8ca830 "cn=root,dc=example,dc=com"}, sai_ndn = {bv_len = 25, bv_val = 0x8ca860 "cn=root,dc=example,dc=com"}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x7fffffffd650, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}}, ob_hdr = {oh_opid = 0, oh_connid = 18446744073709551615, oh_conn = 0x7fffffffdd20, oh_msgid = 0, oh_protocol = 0, oh_tid = 140737354057472, oh_threadctx = 0x825dc0 <ldap_int_main_thrctx>, oh_tmpmemctx = 0xa42a60, oh_tmpmfuncs = 0x8012a0 <slap_sl_mfuncs>, oh_counters = 0x826340 <slap_counters>, oh_log_prefix = "conn=-1 op=0", '\000' <repeats 243 times>}, ob_controls = {0x0 <repeats 32 times>}} op = 0x7fffffffd960 sc = {sc_next = 0x0, sc_response = 0x440aa1 <slap_null_cb>, sc_cleanup = 0x0, sc_writewait = 0x0, sc_private = 0x0} dc = {dc_ndnlist = 0xa44490} de = 0xa44490 dep = 0x7fffffffd920 rs = {sr_type = REP_RESULT, sr_tag = 101, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} expire = 1430939704 tsbuf = "20150506191504Z\000\320\330\377\377\377\177" ts = {bv_len = 15, bv_val = 0x7fffffffd890 "20150506191504Z"} ndeletes = 0 ntotdeletes = 0 rc = 0 extra = 0x5ab533 "" #6 0x000000000051b714 in dds_db_open (be=0x7fffffffe0a0, cr=0x7fffffffe2b0) at dds.c:1747 on = 0x8cad30 di = 0x8caf20 rc = 0 thrctx = 0x825dc0 <ldap_int_main_thrctx> #7 0x00000000004b9845 in over_db_open (be=0x8c99d0, cr=0x7fffffffe2b0) at backover.c:157 oi = 0x8ca890 on = 0x8cad30 db = {bd_info = 0x8ca890, bd_self = 0x8c99d0, be_ctrls = "\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\001", '\000' <repeats 16 times>, "\001", be_flags = 68872, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x8ca650, be_nsuffix = 0x8ca680, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 25, bv_val = 0x8ca830 "cn=root,dc=example,dc=com"}, be_rootndn = {bv_len = 25, bv_val = 0x8ca860 "cn=root,dc=example,dc=com"}, be_rootpw = {bv_len = 6, bv_val = 0x8ca5b0 "secret"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x0, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x93dda0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x802d40 <mdbocs>, be_private = 0x7ffff7f2a010, be_next = {stqe_next = 0x0}} rc = 0 #8 0x000000000043c44b in backend_startup_one (be=0x8c99d0, cr=0x7fffffffe2b0) at backend.c:224 rc = 0 __PRETTY_FUNCTION__ = "backend_startup_one" #9 0x000000000043c995 in backend_startup (be=0x8c99d0) at backend.c:330 i = 1 rc = 0 bi = 0x0 cr = {err = 0, msg = '\000' <repeats 255 times>} #10 0x0000000000468ac3 in slap_startup (be=0x0) at init.c:220 rc = 1024 #11 0x0000000000405d16 in main (argc=7, argv=0x7fffffffe618) at main.c:997 i = -1 no_detach = 1 rc = 0 urls = 0x877090 "ldap://:9000" username = 0x0 groupname = 0x0 sandbox = 0x0 syslogUser = 160 pid = 32767 waitfds = {1, 32767} g_argc = 7 g_argv = 0x7fffffffe618 configfile = 0x8770b0 "slapd.conf" configdir = 0x0 serverName = 0x7fffffffe870 "slapd" serverMode = 1 scp = 0x0 scp_entry = 0x0 debug_unknowns = 0x0 syslog_unknowns = 0x0 serverNamePrefix = 0x57ce80 "" l = 140737354130688 slapd_pid_file_unlink = 0 slapd_args_file_unlink = 0 firstopt = 0 __PRETTY_FUNCTION__ = "main" mo->mo_ad_member is NULL. dds is first in the stack and we are in dds_db_open, so memberof_db_open has not run yet.
The patch below fixes the crash, however I'd appreciate a review before committing in case I misunderstood why that code might be needed. The first periodic expiry runs immediately after startup completes, and AFAICT does everything this one would have; so the window for returning stale data should be short. Thanks. ftp://ftp.openldap.org/incoming/20150519_rtandy_ITS-8133-avoid-mods-during-dds_db_open.patch
Hi, On Wed, May 06, 2015 at 05:48:53PM +0000, alexoz66@gmail.com wrote: >When those two overlays are configured in this order: {0}memberof, {1}dds, slapd >will segfault at startup if dds finds a dynamicObject entry that is past its >expiration time. This does not occur if an object expires while slapd is >running, only during startup. A patch for this is in git master now. Please test it. http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=1c494241347d3d397552f2f8d1f1cf828d4e6672 thanks, Ryan
changed notes changed state Open to Test
moved from Incoming to Software Bugs
changed notes changed state Test to Release
fixed in master fixed in RE25 fixed in RE24 (2.4.43)
changed notes changed state Release to Closed