[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6947) ldapadd crashes with LDIFs with invalid line termination

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6947) ldapadd crashes with LDIFs with invalid line termination
From: hyc@symas.com
Date: Sat, 4 Jun 2011 02:27:53 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

jvcelak@redhat.com wrote:
> Full_Name: Jan Vcelak
> Version: 2.4.25
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-20110519-ldif-countlines.patch
> Submission from: (NULL) (209.132.186.34)
>
>
> Hello,
>
> adding entries to LDAP database from file using ldapadd tool causes memory
> corruption error, when the last line of the input file is not terminated by '\n'
> character.

Don't do that.

The LDIF specification says that all LDIF elements are terminated by SEP (CR 
LF or LF). Anything not conforming to this is not valid LDIF. As usual, 
garbage-in-garbage-out.

  The entries are added correctly.
>
> All version since 2.4.23 are affected.
>
> $ cat>/tmp/input.ldif<<  EOF
>> dn: cn=A,dc=my-domain,dc=com
>> objectClass: inetOrgPerson
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: top
>> cn: A
>> sn: A
>> uid: A
>> mail: A@example.com
>> EOF
> $ wc -c /tmp/input.ldif
> 166 /tmp/input.ldif
> $ truncate -s 165 /tmp/input.ldif
> $ hexdump -c /tmp/input.ldif
> 0000000   d   n   :       c   n   =   A   ,   d   c   =   m   y   -   d
> 0000010   o   m   a   i   n   ,   d   c   =   c   o   m  \n   o   b   j
> 0000020   e   c   t   C   l   a   s   s   :       i   n   e   t   O   r
> 0000030   g   P   e   r   s   o   n  \n   o   b   j   e   c   t   C   l
> 0000040   a   s   s   :       o   r   g   a   n   i   z   a   t   i   o
> 0000050   n   a   l   P   e   r   s   o   n  \n   o   b   j   e   c   t
> 0000060   C   l   a   s   s   :       p   e   r   s   o   n  \n   o   b
> 0000070   j   e   c   t   C   l   a   s   s   :       t   o   p  \n   c
> 0000080   n   :       A  \n   s   n   :       A  \n   u   i   d   :
> 0000090   A  \n   m   a   i   l   :       A   @   e   x   a   m   p   l
> 00000a0   e   .   c   o   m
> 00000a5
> $ ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w password -f
> /tmp/input.ldif
> adding new entry "cn=A,dc=my-domain,dc=com"
>
> *** glibc detected *** ldapadd: free(): invalid pointer: 0x0000000001c435c8 ***
> ======= Backtrace: =========
> /lib64/libc.so.6[0x3626e76d63]
> ldapadd[0x404505]
> /lib64/libc.so.6(__libc_start_main+0xfd)[0x3626e1ee5d]
> ldapadd[0x4037e9]
> ======= Memory map: ========
> ...
>
> I am attaching proposed patch, which fixes this issue.

The patch uses a GNU-specific function. Since GLIBC is not supported on all of 
the platforms OpenLDAP supports, the patch is not acceptable as-is.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6831) Proxycache database corruption
Next by Date: Re: (ITS#6946) ldapexop: ber_free_buf: Assertion failed
Index(es):
- Chronological
- Thread