(ITS#4380) Using extensible matching can crash slapd
Full_Name: Kevin Spicer
Version: 2.3.18 + patches
OS: Solaris 9 sparc
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.178.236.140)
I've found that I can crash slapd using the following ldapsearch command...
ldapsearch -b "ou=machines,dc=mydomain,dc=com" -s sub '(:dn:2.5.13.4:=central)'
or
ldapsearch -b "ou=machines,dc=mydomain,dc=com" -s sub '(:dn:caseIgnoreSubstringsMatch:=central)'
This is on 2.3.18 with patches for ITS#4316, 4324, 4326, 4331, 4334, 4336, 4338, 4339, select logging level.
Interesting to note that
ldapsearch -b "ou=machines,dc=mydomain,dc=com" -s sub '(:dn:2.5.13.2:=central)'
doesn't crash slapd.
Here's a backtrace from the core file...
#0  0x00000000 in ?? ()
#1  0x00076ee0 in asserted_value_validate_normalize (ad=0x0, mr=0x36f8b8,
    usage=2049, in=0xf87ff920, out=0xf87ff90c, text=0xf87ffd44, ctx=0x4263f8)
    at value.c:157
#2  0x000c104c in get_mra (op=0x1f94a60, ber=0x24868c8, mra=0xf87ff9cc,
    text=0xf87ffd44) at mra.c:194
#3  0x00052d8c in get_filter (op=0x1f94a60, ber=0x24868c8, filt=0x1f94aa0,
    text=0xf87ffd44) at filter.c:256
#4  0x00050e6c in do_search (op=0x1f94a60, rs=0xf87ffd30) at search.c:127
#5  0x0004dde4 in connection_operation (ctx=0xf87ffe08, arg_v=0x1f94a60)
    at connection.c:1307
#6  0x0016d7a4 in ldap_int_thread_pool_wrapper (xpool=0x379328) at tpool.c:479
#7  0xfef157bc in _lwp_start () from /usr/lib/libthread.so.1
#8  0xfef157bc in _lwp_start () from /usr/lib/libthread.so.1
Previous frame identical to this frame (corrupt stack?)
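
Added example, not part of the original report and not OpenLDAP code: a small RFC 4515 extensible-match parser that a front end could use to screen search filters for the shape reported above (a listed matching rule with no attribute type, matching ad=0x0 in the backtrace) before they reach an unpatched slapd. The names parse_extensible, risky_items and REPORTED_RULES are chosen for this example, and the rule set contains only the two spellings named in the report.

```python
import re

# Added example: all names here are this example's own, not OpenLDAP's.
# Matching rules the report names as crashing slapd when no attribute type is
# given (2.5.13.2 is reported as not crashing). Compared in lower case.
REPORTED_RULES = {"2.5.13.4", "caseignoresubstringsmatch"}

# RFC 4515 extensible item: "(" [attr] [":dn"] [":" rule] ":=" value ")"
_EXT = re.compile(
    r"""^\(
        (?P<attr>[A-Za-z0-9][A-Za-z0-9.;-]*)?      # optional attribute description
        (?P<dn>:dn)?                               # optional dnAttributes flag
        (?::(?P<rule>[A-Za-z0-9][A-Za-z0-9.-]*))?  # optional matching rule
        :=(?P<value>[^()]*)\)$""",
    re.VERBOSE | re.IGNORECASE,
)


def parse_extensible(item):
    """Parse one leaf filter item; return None unless it is an extensible match."""
    m = _EXT.match(item)
    if not m or (m["attr"] is None and m["rule"] is None):
        return None  # not extensible, or missing both attr and rule (invalid)
    return {"attr": m["attr"], "dn": m["dn"] is not None,
            "rule": m["rule"], "value": m["value"]}


def risky_items(filter_str, rules=REPORTED_RULES):
    """Return leaf items that name a listed rule and carry no attribute type."""
    hits = []
    # Values escape parentheses as \28 and \29, so innermost "(...)" are leaves.
    for leaf in re.findall(r"\([^()]*\)", filter_str):
        ext = parse_extensible(leaf)
        if ext and ext["attr"] is None and ext["rule"].lower() in rules:
            hits.append(leaf)
    return hits


if __name__ == "__main__":
    samples = [  # first three are the filters quoted in the report
        "(:dn:2.5.13.4:=central)",
        "(:dn:caseIgnoreSubstringsMatch:=central)",
        "(:dn:2.5.13.2:=central)",
        "(&(objectClass=*)(:dn:2.5.13.4:=central))",  # constructed compound filter
    ]
    for f in samples:
        print(f, "->", "reject" if risky_items(f) else "pass")
```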