9192 – slapo-rwm: assert triggered with invalid UUID filter

Issue 9192 - slapo-rwm: assert triggered with invalid UUID filter

Summary: slapo-rwm: assert triggered with invalid UUID filter

Status:	VERIFIED DUPLICATE of issue 7439

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	overlays (show other issues)
Version:	2.4.48
Hardware:	All All

Importance:	--- normal
Target Milestone:	2.5.2
Assignee:	Quanah Gibson-Mount

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-03-23 23:53 UTC by Quanah Gibson-Mount
Modified:	2021-03-02 19:40 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Quanah Gibson-Mount 2020-03-23 23:53:29 UTC

slapo-rwm triggers an assert when a filter with an invalid UUID syntax is used.  For example:

/opt/symas/bin/ldapsearch -x -H ldaps://ldap0.example.com -D "cn=admin,dc=example,dc=com" -W -b dc=example,dc=com idmUUID=b58540b2-f16c-41c9-8147-83068004dd0a,ou=People,dc=example,dc=com
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: idmUUID=b58540b2-f16c-41c9-8147-83068004dd0a,ou=People,dc=example,dc=com
# requesting: ALL
#

The above search will trigger an assert.  Note that idmUUID is a custom attribute defined as:

# idmUUID
attributetype ( 1.3.6.1.4.1.29179.2.3.3
        NAME 'idmUUID'
        DESC 'RFC4122 Univeral Unique Identifier for idM'
        EQUALITY uuidMatch
        SYNTAX 1.3.6.1.1.16.1
        SINGLE-VALUE )

which is using the RFC4530 definition for UUID.

On the slapd side, we see:


#4  0x0000000000468650 in UUIDNormalize (usage=<optimized out>, syntax=<optimized out>, mr=<optimized out>, val=0x7f1c58003110, normalized=0x7f1c677fc5c0, ctx=<optimized out>)
    at /home/build/sold/openldap/servers/slapd/schema_init.c:3019
No locals.
#5  0x00007f447599c55d in map_attr_value (dc=dc@entry=0x7f1c677fc730, adp=adp@entry=0x7f1c677fc658, mapped_attr=mapped_attr@entry=0x7f1c677fc660, value=0x7f1c58003110,
    mapped_value=mapped_value@entry=0x7f1c677fc670, memctx=0x7f1c58002810, remap=0) at /home/build/sold/openldap/servers/slapd/overlays/rwmmap.c:471
        vtmp = {bv_len = 0, bv_val = 0x0}
        freeval = 0
        ad = 0x1947630
        mapping = 0x0
#6  0x00007f447599ccc6 in rwm_int_filter_map_rewrite (op=op@entry=0x7f1c580028f0, dc=dc@entry=0x7f1c677fc730, f=0x7f1c58003170, fstr=fstr@entry=0x7f1c677fc720)
    at /home/build/sold/openldap/servers/slapd/overlays/rwmmap.c:559
        i = <optimized out>
        p = <optimized out>
        ad = 0x1947630
        atmp = {bv_len = 7, bv_val = 0x1900bb0 "idmUUID"}
        vtmp = {bv_len = 139759712219536, bv_val = 0x7f1c58003240 "c"}
        tmp = <optimized out>
        ber_bvfalse = {bv_len = 18, bv_val = 0x7f447599f816 "(!(objectClass=*))"}
        ber_bvtf_false = {bv_len = 3, bv_val = 0x7f447599f829 "(|)"}
        ber_bvtrue = {bv_len = 15, bv_val = 0x7f447599f802 "(objectClass=*)"}
        ber_bvtf_true = {bv_len = 3, bv_val = 0x7f447599f812 "(&)"}
        ber_bverror = {bv_len = 9, bv_val = 0x7f447599f7f8 "(?=error)"}
        ber_bvunknown = {bv_len = 11, bv_val = 0x7f447599f7ec "(?=unknown)"}
        ber_bvnone = {bv_len = 8, bv_val = 0x7f447599f82d "(?=none)"}
        len = <optimized out>
        __PRETTY_FUNCTION__ = "rwm_int_filter_map_rewrite"
#7  0x00007f447599d7a8 in rwm_filter_map_rewrite (op=op@entry=0x7f1c580028f0, dc=dc@entry=0x7f1c677fc730, f=<optimized out>, fstr=fstr@entry=0x7f1c677fc720)
    at /home/build/sold/openldap/servers/slapd/overlays/rwmmap.c:824
        rc = <optimized out>
        fdc = <optimized out>
        ftmp = {bv_len = 26355712, bv_val = 0x7f4475224500 "\002"}
#8  0x00007f4475999c5b in rwm_op_search (op=0x7f1c580028f0, rs=0x7f1c677fda60) at /home/build/sold/openldap/servers/slapd/overlays/rwm.c:976
        on = 0x1922620
        rwmap = 0x1922800
        rc = 0
        dc = {rwmap = 0x1922800, conn = 0x7f4475224500, ctx = 0x7f447599f090 "searchFilterAttrDN", rs = 0x7f1c677fda60}
        fstr = {bv_len = 0, bv_val = 0x0}
        f = 0x0
        an = 0x0
        text = 0x0
        roc = 0x7f1c58003218
#9  0x000000000049776a in overlay_op_walk (op=op@entry=0x7f1c580028f0, rs=rs@entry=0x7f1c677fda60, which=which@entry=op_search, oi=oi@entry=0x1924430, on=0x1922620)
    at /home/build/sold/openldap/servers/slapd/backover.c:671
        func = 0x1922678
        rc = 32768
#10 0x00000000004978be in over_op_func (op=0x7f1c580028f0, rs=0x7f1c677fda60, which=op_search) at /home/build/sold/openldap/servers/slapd/backover.c:747
        oi = 0x1924430
        on = <optimized out>
        be = 0x728420 <slap_frontendDB>
        db = {bd_info = 0x1922620, bd_self = 0x728420 <slap_frontendDB>, be_ctrls = "\000", '\001' <repeats 17 times>, '\000' <repeats 14 times>, be_flags = 768, be_restrictops = 0, be_requires = 0,
          be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0},
          be_suffix = 0x18cb690, be_nsuffix = 0x18cb6e0, be_schemadn = {bv_len = 12, bv_val = 0x1955c20 "cn=Subschema"}, be_schemandn = {bv_len = 12, bv_val = 0x1955370 "cn=subschema"}, be_rootdn = {
            bv_len = 0, bv_val = 0x0}, be_rootndn = {bv_len = 0, bv_val = 0x0}, be_rootpw = {bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 0, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0,
            lms_s_soft = 50, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x1925890, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0,
          be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0,
              __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x7200e8 <cf_ocs+392>, be_private = 0x0,
          be_next = {stqe_next = 0x18cbcc0}}
        sc = <optimized out>
        cb = 0x7f1c580031e8
        rc = 32768
        __PRETTY_FUNCTION__ = "over_op_func"
#11 0x0000000000431006 in do_search (op=0x7f1c580028f0, rs=0x7f1c677fda60) at /home/build/sold/openldap/servers/slapd/search.c:247
        base = {bv_len = 14, bv_val = 0x7f1c580025c7 "dc=example,dc=com"}
        siz = 0
        off = 0
        i = <optimized out>
#12 0x000000000042ede5 in connection_operation (ctx=ctx@entry=0x7f1c677fdbd0, arg_v=arg_v@entry=0x7f1c580028f0) at /home/build/sold/openldap/servers/slapd/connection.c:1167
        rc = 80
        cancel = <optimized out>
        op = 0x7f1c580028f0
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0,
              r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0}
        tag = 99
        opidx = SLAP_OP_SEARCH
        conn = 0x7f4475224500
        memctx = 0x7f1c58002810
        memctx_null = 0x0
        memsiz = 1048576
        __PRETTY_FUNCTION__ = "connection_operation"
#13 0x000000000042f0ea in connection_read_thread (ctx=0x7f1c677fdbd0, argv=0x16) at /home/build/sold/openldap/servers/slapd/connection.c:1314
        rc = <optimized out>
        cri = {op = 0x7f1c580028f0, func = 0x0, arg = 0x0, ctx = <optimized out>, nullop = <optimized out>}
        s = <optimized out>
#14 0x00007f447a585353 in ldap_int_thread_pool_wrapper (xpool=0x18b1340) at /home/build/sold/openldap/libraries/libldap_r/tpool.c:963
        pq = 0x18b1340
        pool = 0x18b1250
        task = 0x7f1c68000da0
        work_list = <optimized out>
        ctx = {ltu_pq = 0x18b1340, ltu_id = 139759972247296, ltu_key = {{ltk_key = 0x42cbf0 <conn_counter_init>, ltk_data = 0x7f1c58002700, ltk_free = 0x42ccb0 <conn_counter_destroy>}, {
              ltk_key = 0x47fef0 <slap_sl_mem_init>, ltk_data = 0x7f1c58002810, ltk_free = 0x47fdb0 <slap_sl_mem_destroy>}, {ltk_key = 0x1ae4a40, ltk_data = 0x7f1c58102f30,
              ltk_free = 0x7f44763ff550 <mdb_reader_free>}, {ltk_key = 0x4416f0 <slap_op_free>, ltk_data = 0x0, ltk_free = 0x441650 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x7f1c58000a80,
              ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 27 times>}}
        kctx = <optimized out>
        keyslot = <optimized out>
        hash = <optimized out>
        pool_lock = 0
        freeme = 0
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#15 0x00007f4478d42ea5 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#16 0x00007f4478a6b8cd in clone () from /lib64/libc.so.6
No symbol table info available.
(gdb)

Comment 1 Quanah Gibson-Mount 2021-02-25 17:50:19 UTC

Test to see if this still is an issue with latest rwm fixes.

Comment 2 Quanah Gibson-Mount 2021-03-02 19:40:28 UTC

No longer occurs, likely fixed by 58dfef012cc5ec45bd85be9eb8efe57901f60213

*** This issue has been marked as a duplicate of issue 7439 ***