
Re: (ITS#7692) segfault in overlay constraint - constraint_check_restrict (op=0x7fffa8000960, c=0x9e60f0, e=0x0) at constraint.c:713



coudot@linagora.com wrote:
> Full_Name: Clement OUDOT
> Version: 2.4.35
> OS: CentOS 6 64bits
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.145.72.122)
>
>
> I use the overlay constraint to check that a value of the attribute ssoRoles
> exists in the directory. The configuration looks like this:

Thanks for the report, fixed now in master
>
> ----------------------------------------------
> overlay constraint
> constraint_attribute ssoRoles uri
> ldap:///ou=applications,dc=cirra,dc=net?entrydn?sub?(&(objectClass=organizationalUnit)(ou:dn:=roles))
> restrict="ldap:///ou=users,dc=cirra,dc=net??one?(objectClass=inetOrgPerson)"
> ----------------------------------------------
>
> An ldapmodify with this LDIF crashes the slapd process:
> ----------------------------------------------
> dn: uid=toto,ou=users,dc=cirra,dc=net
> changetype: modify
> add: ssoRoles
> ssoRoles: ou=ROLE_PES,ou=roles,ou=simabo,ou=applications,dc=cirra,dc=net
> ----------------------------------------------
>
> The crash occurs because the entry uid=toto,ou=users,dc=cirra,dc=net does not
> exist. The same LDIF on an existing entry works well.
>
>
> Below is the stacktrace generated with gdb:
> ----------------------------------------------
>
> (gdb) run -d 0
> Starting program: /usr/local/openldap/libexec/slapd -d 0
> [Thread debugging using libthread_db enabled]
> [New Thread 0x7fffb3d42700 (LWP 16519)]
> [New Thread 0x7fffb3541700 (LWP 16521)]
> [New Thread 0x7fffb2d40700 (LWP 16522)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffb2d40700 (LWP 16522)]
> constraint_check_restrict (op=0x7fffa8000960, c=0x9e60f0, e=0x0) at
> constraint.c:713
> 713                     int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len;
> Missing separate debuginfos, use: debuginfo-install
> berkeleydb-ltb-4.6.21.NC-4.el6.patch4.x86_64
> cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
> cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
> cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 db4-4.7.25-17.el6.x86_64
> glibc-2.12-1.107.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64
> krb5-libs-1.10.3-10.el6.x86_64 libcom_err-1.41.12-14.el6.x86_64
> libselinux-2.0.94-5.3.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64
> nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-27.el6.x86_64
> zlib-1.2.3-29.el6.x86_64
> (gdb) bt full
> #0  constraint_check_restrict (op=0x7fffa8000960, c=0x9e60f0, e=0x0) at
> constraint.c:713
>          diff = <value optimized out>
>          __PRETTY_FUNCTION__ = "constraint_check_restrict"
> #1  0x000000000054b39f in constraint_update (op=<value optimized out>,
> rs=0x7fffb2d3f950) at constraint.c:989
>          j = <value optimized out>
>          ce = 0
>          on = 0x9e5e30
>          be = 0x7fffb2d3e4e0
>          c = 0x9e60f0
>          cp = <value optimized out>
>          target_entry = 0x0
>          target_entry_copy = 0x0
>          modlist = 0x7fffa8000920
>          m = 0x7fffa8000920
>          b = 0x7fffa81015c0
>          i = <value optimized out>
>          rsv = {bv_len = 24, bv_val = 0x60f2a4 "modify breaks constraint"}
>          rc = <value optimized out>
>          msg = 0x0
>          is_v = <value optimized out>
> #2  0x00000000004a6d7a in overlay_op_walk (op=0x7fffa8000960, rs=0x7fffb2d3f950,
> which=op_modify, oi=0x9e1020, on=0x9e5e30)
>      at backover.c:661
>          func = 0x9e5e88
>          rc = 32768
> #3  0x00000000004a7847 in over_op_func (op=0x7fffa8000960, rs=<value optimized
> out>, which=<value optimized out>)
>      at backover.c:723
>          oi = <value optimized out>
>          on = <value optimized out>
>          be = 0x9ba220
>          db = {bd_info = 0x9e5e30, bd_self = 0x9ba220,
>            be_ctrls =
> "\000\000\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\000\000\001",
> '\000' <repeats 12 times>, "\001", be_flags = 2312, be_restrictops = 0,
> be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0,
>              sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport
> = 0, sss_update_tls = 0,
>              sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x9dca20,
> be_nsuffix = 0x9dca50, be_schemadn = {
>              bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val =
> 0x0}, be_rootdn = {bv_len = 26,
>              bv_val = 0x9dcb70 "cn=manager,dc=cirra,dc=net"}, be_rootndn =
> {bv_len = 26,
>              bv_val = 0x9dcbc0 "cn=manager,dc=cirra,dc=net"}, be_rootpw = {bv_len
> = 38,
>              bv_val = 0x9dc8b0 "{SSHA}2S9rqrduHEq4AcNIfS+wxClQwbD5aoLn"},
> be_max_deref_depth = 15, be_def_limit = {
>              lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0,
> lms_s_unchecked = -1, lms_s_pr = 0,
>              lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x9e01a0, be_acl
> = 0x9b9850, be_dfltaccess = ACL_READ,
>            be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0},
> be_update_refs = 0x0,
> ---Type <return> to continue, or q <return> to quit---
>            be_pending_csn_list = 0xa6f7f0, be_pcl_mutex = {__data = {__lock = 0,
> __count = 0, __owner = 0, __nusers = 0,
>                __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
> __size = '\000' <repeats 39 times>,
>              __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x8838c0,
> be_private = 0x9ba3c0, be_next = {
>              stqe_next = 0x9e6470}}
>          cb = {sc_next = 0x0, sc_response = 0x4a6af0 <over_back_response>,
> sc_cleanup = 0, sc_private = 0x9e1020}
>          sc = <value optimized out>
>          rc = 32768
>          __PRETTY_FUNCTION__ = "over_op_func"
> #4  0x000000000045728b in fe_op_modify (op=0x7fffa8000960, rs=0x7fffb2d3f950) at
> modify.c:303
>          update = <value optimized out>
>          repl_user = <value optimized out>
>          op_be = <value optimized out>
>          bd = 0x88c200
>          textbuf = ">\000\000\000\000\000\000\000\240\030\020\250\377\177\000\000\000\000\000\000\000\000\000\000@\026\020\250\377\177\000\000\240\235G\000\000\000\000\000\267\244E",
> '\000' <repeats 13 times>, "\003\000\000\000\060\000\000\000[\000\000\000|",
> '\000' <repeats 11 times>, "\b", '\000' <repeats 31 times>,
> ">\000\000\000\000\000\000\000\360\025\020\250\377\177\000\000\000\000\000\000\000\000\000\000
> \t\000\250\377\177\000\000\000\000\000\000\000\000\000\000@É
>
>                    #5  0x0000000000457bb6 in do_modify (op=0x7fffa8000960,
> rs=0x7fffb2d3f950) at modify.c:177
>          dn = {bv_len = 33, bv_val = 0x7fffa8101507
> "uid=toto,ou=users,dc=cirra,dc=net"}
>          textbuf = "\027\f\000\250\377\177", '\000' <repeats 42 times>,
> "PG\253\367\000\000\000\000P\333\377\367\377\177\000\000\000\000A", '\000'
> <repeats 13 times>, "\030f@\000\000\000\000\000Y\345`\237\064", '\000' <repeats
> 11 times>"\351, \363[\000\000\000\000\000`\t\000\250\377\177\000\000\340\024\302\236\064\000\000\000\377\377\377\377\377\177\000\000\030\372Ó²\377\177\000\000\210\021\302\236\064\000\000\000@\304X\237\064",
> '\000' <repeats 11 times>,
> ":\236\240\236\064\000\000\000\320\016\000\250\377\177\000\000\000\000\020\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\260\372Ó²\377\177\000\000\360.I",
> '\000' <repeats 13 times>,
> "\t\000\000\000\062\000\000\000`\t\000\250\377\177\000\000\320\016\000\250\377\177\000"
>          tmp = <value optimized out>
> #6  0x000000000043f9a9 in connection_operation (ctx=0x7fffb2d3fab0,
> arg_v=0x7fffa8000960) at connection.c:1155
>          rc = 80
>          cancel = <value optimized out>
>          op = 0x7fffa8000960
>          rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0,
> sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0,
>            sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags =
> 0, r_operational_attrs = 0x0, r_attrs = 0x0,
>                r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0},
> sru_extended = {r_rspoid = 0x0,
>                r_rspdata = 0x0}}, sr_flags = 0}
>          tag = 102
>          opidx = SLAP_OP_MODIFY
>          conn = 0x7ffff632bc10
> ---Type <return> to continue, or q <return> to quit---
>          memctx = 0x7fffa8000ed0
>          memctx_null = 0x0
>          memsiz = 1048576
>          __PRETTY_FUNCTION__ = "connection_operation"
> #7  0x0000000000440195 in connection_read_thread (ctx=0x7fffb2d3fab0,
> argv=<value optimized out>) at connection.c:1291
>          rc = <value optimized out>
>          cri = {op = 0x7fffa8000960, func = 0, arg = 0x0, ctx = 0x7fffb2d3fab0,
> nullop = <value optimized out>}
>          s = <value optimized out>
> #8  0x0000000000593d00 in ldap_int_thread_pool_wrapper (xpool=0x960c00) at
> tpool.c:688
>          pool = 0x960c00
>          task = 0x7fffac0008c0
>          work_list = <value optimized out>
>          ctx = {ltu_id = 140736193627904, ltu_key = {{ltk_key = 0x43e7c0,
> ltk_data = 0x7fffa8000dc0,
>                ltk_free = 0x43e890 <conn_counter_destroy>}, {ltk_key = 0x492d40,
> ltk_data = 0x7fffa8000ed0,
>                ltk_free = 0x492d60 <slap_sl_mem_destroy>}, {ltk_key = 0xa6f810,
> ltk_data = 0x7fffa8100f80,
>                ltk_free = 0x4f7280 <bdb_reader_free>}, {ltk_key = 0x452ba0,
> ltk_data = 0x0,
>                ltk_free = 0x452970 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data
> = 0x0, ltk_free = 0} <repeats 25 times>, {
>                ltk_key = 0x0, ltk_data = 0x349f607eea, ltk_free = 0}, {ltk_key =
> 0x0, ltk_data = 0x0, ltk_free = 0}, {
>                ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0}}}
>          kctx = <value optimized out>
>          keyslot = 555
>          hash = <value optimized out>
>          __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
> #9  0x000000349f607851 in start_thread () from /lib64/libpthread.so.0
> No symbol table info available.
> #10 0x000000349f2e890d in clone () from /lib64/libc.so.6
> No symbol table info available.
> (gdb)
>
>
> ----------------------------------------------
>
>
>
> Please tell me if something else is needed in this bug report.
>
>
> Regards,
>
>
> Clement OUDOT.
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
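
Added example, not part of the original thread and not the change committed to OpenLDAP master: a simplified model of a restrict base/scope check that rejects a missing target entry before touching `e->e_nname`, which is the dereference that faulted at constraint.c:713 with `e=0x0`. The type and function names (`struct rule`, `check_restrict`, `check_dn`, the `enum result` values) are hypothetical stand-ins, and the DNs are assumed to be normalized with no escaped commas in RDN values.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the slapd types named in the backtrace. */
struct berval { size_t bv_len; const char *bv_val; };
struct entry { struct berval e_nname; };            /* normalized DN only */
enum scope { SCOPE_BASE, SCOPE_ONE, SCOPE_SUB };
struct rule { struct berval restrict_ndn; enum scope scope; };
enum result { NO_ENTRY = -1, OUT_OF_SCOPE = 0, IN_SCOPE = 1 };

/* Is entry e inside the rule's restrict base and scope?
 * Assumes normalized DNs without escaped commas in RDN values. */
enum result check_restrict(const struct rule *c, const struct entry *e)
{
    /* A modify aimed at a nonexistent DN has no target entry: report it
     * instead of dereferencing e (the e=0x0 case in frame #0). */
    if (e == NULL || e->e_nname.bv_val == NULL)
        return NO_ENTRY;

    size_t elen = e->e_nname.bv_len, blen = c->restrict_ndn.bv_len;
    if (elen < blen)                    /* unsigned math: test before subtracting */
        return OUT_OF_SCOPE;
    size_t diff = elen - blen;
    const char *dn = e->e_nname.bv_val;

    if (memcmp(dn + diff, c->restrict_ndn.bv_val, blen) != 0)
        return OUT_OF_SCOPE;            /* base is not a suffix of the DN */
    if (diff == 0)                      /* the entry is the base itself */
        return c->scope == SCOPE_ONE ? OUT_OF_SCOPE : IN_SCOPE;
    if (dn[diff - 1] != ',' || c->scope == SCOPE_BASE)
        return OUT_OF_SCOPE;            /* not on an RDN boundary, or below base */
    if (c->scope == SCOPE_SUB)
        return IN_SCOPE;
    /* SCOPE_ONE: exactly one RDN in front of the base */
    return memchr(dn, ',', diff - 1) ? OUT_OF_SCOPE : IN_SCOPE;
}

/* Convenience wrapper: dn == NULL models "target entry not found". */
enum result check_dn(const char *base, enum scope s, const char *dn)
{
    struct rule c = { { strlen(base), base }, s };
    struct entry e = { { dn ? strlen(dn) : 0, dn } };
    return check_restrict(&c, dn ? &e : NULL);
}
```

A caller in the position of `constraint_update` would treat `NO_ENTRY` as its own outcome rather than as a scope mismatch, so the modify on a nonexistent DN fails cleanly instead of reaching the length arithmetic.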