
RE: OpenLDAP 2.1.[23] dump core when scanned



Funny, we already passed the single-byte test in the BER torture test. Now
fixed in HEAD, io.c rev 1.73. Thanks for the report.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of Thomas Nau
> Sent: Thursday, July 11, 2002 2:00 AM
> To: openldap-bugs@OpenLDAP.org
> Subject: OpenLDAP 2.1.[23] dump core when scanned
>
>
> Hi all.
> Our server just crashed overnight when it got scanned. We have been able
> to reproduce the problem using the 'socket' tool:
>
> 	echo -n <single character> | socket server port
>
> It doesn't matter which character you send to the server (the scanner used
> ','), slapd dumps core at
>
> 	libraries/liblber/io.c:536
>
> code
> 	...
> 	AC_MEMCPY(buf, ber->ber_ptr, i);
> 	...
>
> as i is equal to -1. Sorry, I don't understand enough of the code to provide
> a patch.
>
> Thomas
>
> Additional debug output from server
> ...
> slapd startup: initiated.
> slapd starting
> synchronizer starting for /ldap/openldap/var/openldap-data
> daemon: added 7r
> daemon: added 8r
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: select: listen=8 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: new connection on 9
> ldap_pvt_gethostbyname_a: host=frago, r=0
> daemon: conn=0 fd=9 connection from IP=10.0.0.1:61163 (IP=0.0.0.0:9999) accepted.
> daemon: added 9r
> daemon: activity on:
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: select: listen=8 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 9r
> daemon: read activity on 9
> connection_get(9)
> connection_get(9): got connid=0
> connection_read(9): checking for input on id=0
> ber_get_next
> ldap_read: want=9, got=1
>   0000:  41                                                 A
> Segmentation Fault (core dumped)
>
>
> -----------------------------------------------------------------
> PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
> Phone:           +49 731 50 22464
> FAX:             +49 731 50 22471
>
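
The failure mode reported above, as an added example that is not part of the original thread and is not OpenLDAP's io.c: a C header parser that answers "need more data" for a short read such as the single byte in the report, and a copy helper that rejects a negative length like the i == -1 passed to AC_MEMCPY. The names ber_peek_header, copy_checked and enum ber_status are hypothetical, and the four-octet length limit is this example's own choice.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration with hypothetical names; not liblber code. */
enum ber_status { BER_OK, BER_NEED_MORE, BER_INVALID };

/* Copy n bytes only if n is non-negative and fits in dst. A signed -1
 * converted to size_t would otherwise request a near-SIZE_MAX copy. */
int copy_checked(void *dst, size_t cap, const void *src, long n)
{
    if (n < 0 || (size_t)n > cap)
        return -1;
    memcpy(dst, src, (size_t)n);
    return 0;
}

/* Parse tag and length from the first `have` bytes of a read buffer.
 * Returns BER_NEED_MORE when the header is incomplete, never reading
 * past buf[have - 1] and never producing a negative size. */
enum ber_status ber_peek_header(const unsigned char *buf, size_t have,
                                size_t *hdr_len, size_t *content_len)
{
    size_t pos = 0, nlen, len = 0;

    if (have == 0)
        return BER_NEED_MORE;
    if ((buf[pos++] & 0x1f) == 0x1f) {      /* high-tag-number form */
        do {
            if (pos >= have)
                return BER_NEED_MORE;
        } while (buf[pos++] & 0x80);
    }
    if (pos >= have)
        return BER_NEED_MORE;               /* tag seen, length not yet */
    if (buf[pos] < 0x80) {                  /* short-form length */
        *hdr_len = pos + 1;
        *content_len = buf[pos];
        return BER_OK;
    }
    nlen = buf[pos++] & 0x7f;
    if (nlen == 0 || nlen > 4)              /* indefinite, or over this example's cap */
        return BER_INVALID;
    if (have - pos < nlen)
        return BER_NEED_MORE;
    while (nlen--)
        len = (len << 8) | buf[pos++];
    *hdr_len = pos;
    *content_len = len;
    return BER_OK;
}
```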