Issue 76 - slapd coredump with -DSTR_TRANSLATION enabled
Summary: slapd coredump with -DSTR_TRANSLATION enabled
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 1999-02-17 21:35 UTC by Dirk Niggemann
Modified: 2014-08-01 21:06 UTC (History)
Description Dirk Niggemann 1999-02-17 21:35:13 UTC
Full_Name: Dirk Niggemann
Version: 1.2
OS: Linux 2.0.36
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.112.55.135)


This is basically a formal request to follow my informal post to
ldap-bugs. See my post there for exact details of the coredump.
slapd coredumps with -DSTR_TRANSLATION enabled trying to strdup NULL in
derefDN (alias.c). This is partially due to my somewhat (ahem) novel ldif
file, but I can't work out what's going on in alias.c. My post to ldap-bugs
contains the (small) ldif file listing and some stuff from slapd.conf, as
well as tracing enabled with -d123.




Comment 1 Kurt Zeilenga 1999-02-18 22:48:41 UTC
This was meant to be followup to ITS#76.  Due to extra space after the
# sign, the system failed to recognize it as such.

Regrettably, -bug readers will have to put up with forwarding.

	Kurt

At 10:05 PM 2/18/99 GMT, dirk-n@dircon.co.uk wrote:
>I have found out more about the coredump- 
>I can reproduce it using 'ldapsearch' using the following command line 
>(with my ldif file)
>
>ldapsearch -v -D
>'cn=WWW/LDAP-Gateway,cn=fornax,ou=IT,ou=Admin,ou=Periphonics VPS
>Ltd.,c=GB,ou=Periphonics EMEA,o=Periphonics Corporation,dc=peri,dc=com'
>-b 'c=GB,ou=Periphonics EMEA,o=Periphonics Corporation,dc=peri,dc=com'
>-s base -a find  'objectclass=*'
>
>It's caused when:
>a) base DN is set to a value like
>'ou=MyOrgU,ou=MyHigherOrgU,o=MyOrg,c=GB'
>b) we are beginning a search with filter 'objectclass=*'
>c) the DN we begin the search with is something like
>'ou=MyHigherOrgU,o=MyOrg,c=GB'
>  (so it's above the base. does this even make sense)
>d) There is no DN entry in the database for
>'ou=MyHigherOrgU,o=MyOrg,c=GB'
>   but there is one for 'o=MyOrg,c=GB'
>e) alias deref is set to always or search. i.e we have to try aliases on
>this. 
>
>There is a problem in derefDN in back-ldbm/alias.c where it is possible
>that we break out of the first large alias search loop with newDN set to
>NULL.
>The second loop (which checks to see if there are any aliases left in
>the remaining part of the DN, I guess) could call dn2entry_r with a NULL
>DN. That's what causes the segfault.. 
>
>I've got a fix that will stop the coredump, but I think it might break
>the alias mechanism in more general ways. Basically consists of an
>if(NewDN != NULL) wrapper around the second alias search loop. If newDN
>is set to null the derefDN routine then just returns the old DN. I have
>no idea whether that behaviour is correct.
> 
>here is a diff (I don't think it actually fixes behaviour, it just
>prevents the coredump).
>----------------------------------- cut here -----------------------------------
>--- alias.c.orig        Thu Feb  4 18:49:52 1999
>+++ alias.c     Thu Feb 18 21:29:48 1999
>@@ -278,15 +278,17 @@
>    * e.g. if we had started with dn = o=MyAliasedOrg,c=MyCountry the dn
>would match
>    * and the above loop complete but we would still be left with an
>aliased DN.
>    */
>-  if ( (eNew = dn2entry_r( be, newDN, &matched )) != NULL) {
>-    if ((eDeref = derefAlias_r( be, conn, op, eNew )) != NULL) {
>-      free (newDN);
>-      newDN = ch_strdup (eDeref->e_dn);
>+  if (newDN != NULL) {
>+    if ( (eNew = dn2entry_r( be, newDN, &matched )) != NULL) {
>+      if ((eDeref = derefAlias_r( be, conn, op, eNew )) != NULL) {
>+        free (newDN);
>+        newDN = ch_strdup (eDeref->e_dn);
>+        /* free reader lock */
>+        cache_return_entry_r(&li->li_cache, eDeref);
>+      }  
>       /* free reader lock */
>-      cache_return_entry_r(&li->li_cache, eDeref);
>+      cache_return_entry_r(&li->li_cache, eNew);
>     }
>-    /* free reader lock */
>-    cache_return_entry_r(&li->li_cache, eNew);
>   }
>   if (matched != NULL) free(matched);
>   
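Review bot: the new `if (newDN != NULL)` guard at the top of the hunk skips the final alias lookup silently when newDN is NULL, so the crash is avoided but nothing here records the condition or addresses why newDN reached this point as NULL. Add a comment on the guard stating what derefDN returns in that case, and treat a NULL newDN as an error to be handled where it is produced rather than as a normal path. Two smaller points: `+      }  ` carries trailing whitespace, and the context comment lines have been wrapped by the mailer (`>would match` and `>aliased DN.` sit on their own lines), so the patch will not apply as posted; resend it as an attachment.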
>------------------------------ cut here -------------------------------
> |  /  _ \ _ _| __ \          Dirk Niggemann 
> ' /  |   |  |  |   |         dirk-n@dircon.co.uk 
> . \  __ <   |  |   |         
>_|\_\_| \_\___|____/
>
>
Comment 2 Hallvard Furuseth 1999-02-21 12:09:53 UTC
dirk-n@dircon.co.uk writes:

> There is a problem in derefDN in back-ldbm/alias.c (...)

I suggest setting SLAPD_DEFAULT_MAXDEREFDEPTH to 0 in ldapconfig.h.edit
until someone finds time to clean up the alias code, and applying this patch
to back-*/search.c:

*** search.c~	Thu Feb 11 18:19:52 1999
--- search.c	Sat Feb 20 11:14:35 1999
***************
*** 77,80 ****
--- 77,83 ----
  	 */
  
+ 	if ( be->be_maxDerefDepth <= 0 )
+ 		deref = LDAP_DEREF_NEVER;
+ 
  	switch ( deref ) {
  	case LDAP_DEREF_FINDING:
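Review bot: the added check just before `switch ( deref )` overwrites the client's requested deref mode with LDAP_DEREF_NEVER whenever `be->be_maxDerefDepth <= 0`, and there is no comment saying that a depth of 0 is being used as an "aliases disabled" switch. Add a one-line comment above the `if` so the override is not mistaken for a bug later. Since the patch is described as applying to back-*/search.c, confirm that every backend's search.c receives the same check so the behaviour does not differ between backends.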

-- 
Hallvard
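
An added C model of the two mitigations discussed in this thread (the NULL guard from the first patch and the `be_maxDerefDepth <= 0` check from the second); it is not code from alias.c or the OpenLDAP tree. The directory table, `lookup` and `deref_dn_model` are hypothetical names, and the depth values passed in are arbitrary constructed inputs.

```c
#include <stdio.h>
#include <string.h>

struct entry { const char *dn; const char *alias_of; };

/* Constructed sample directory. The search base from the report,
 * ou=MyHigherOrgU,o=MyOrg,c=GB, is deliberately absent (condition d). */
static const struct entry dir[] = {
    { "c=GB", NULL },
    { "o=MyOrg,c=GB", NULL },
    { "o=MyAliasedOrg,c=GB", "o=MyOrg,c=GB" },
    { "cn=a,c=GB", "cn=b,c=GB" },            /* alias loop: a -> b -> a */
    { "cn=b,c=GB", "cn=a,c=GB" },
};

/* Hypothetical stand-in for an entry lookup. A NULL DN yields "not found"
 * instead of reaching strcmp(), which would dereference it. */
static const struct entry *lookup(const char *dn)
{
    size_t i;
    if (dn == NULL)
        return NULL;
    for (i = 0; i < sizeof dir / sizeof dir[0]; i++)
        if (strcmp(dir[i].dn, dn) == 0)
            return &dir[i];
    return NULL;
}

/* Hypothetical model of the guarded flow. Returns the resolved DN (table
 * storage) or the caller's dn. max_depth <= 0 means "never dereference". */
const char *deref_dn_model(const char *dn, int max_depth)
{
    const struct entry *e = lookup(dn);
    const char *new_dn = e ? e->dn : NULL;   /* phase 1 can leave NULL */

    if (new_dn == NULL || max_depth <= 0)
        return dn;                           /* guard: keep the old DN */
    while (e != NULL && e->alias_of != NULL && max_depth-- > 0) {
        new_dn = e->alias_of;                /* phase 2: follow the alias */
        e = lookup(new_dn);
    }
    return new_dn;
}

int main(void)
{
    puts(deref_dn_model("ou=MyHigherOrgU,o=MyOrg,c=GB", 15));
    return 0;
}
```

The alias-loop rows show why a depth limit is needed at all: resolution stops after `max_depth` hops instead of spinning.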
Comment 3 Kurt Zeilenga 1999-03-01 18:02:15 UTC
moved from Incoming to Software Bugs
Comment 4 Kurt Zeilenga 1999-03-26 20:52:35 UTC
changed state Open to Release
Comment 5 Kurt Zeilenga 1999-03-26 20:54:07 UTC
changed notes
Comment 6 Kurt Zeilenga 1999-03-26 20:54:29 UTC
changed notes
Comment 7 Kurt Zeilenga 1999-04-16 19:50:18 UTC
changed state Release to Closed
Comment 8 OpenLDAP project 2014-08-01 21:06:51 UTC
Fixed in 1.2.1