[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8107) olcMemberOfDangling: error doesn't prevent adding nonexistent member to group

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8107) olcMemberOfDangling: error doesn't prevent adding nonexistent member to group
From: ryan@nardis.ca
Date: Thu, 23 Apr 2015 02:50:38 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On Sat, Apr 18, 2015 at 10:47:57PM +0000, ryan@nardis.ca wrote:
>Adding a new group containing a nonexistent member, or or a nonexistent
>member to an existing group, triggers the following AddressSanitizer
>splat. No error when adding a valid member, or with memberof disabled.

That part turned out to be my fault, actually:

>    #0 0xebdb1e in lutil_strncopy /home/ryan/pkg/openldap/openldap/libraries/liblutil/utils.c:317:2
>    #1 0xd10adb in mdb_dn2id /home/ryan/pkg/openldap/openldap/servers/slapd/back-mdb/dn2id.c:360:9

The nonexistent entry I was trying to add was outside the db suffix. 
Therefore nrlen in mdb_dn2id was wrong (in my specific case, negative) 
and things got worse from there.

Testing with a nonexistent entry under the correct suffix, there are no 
complaints from AddressSanitizer.

The buggy behaviour is still present, however: the member value is added 
despite returning a 'constraint violation' result.

Prev by Date: (ITS#8113) Missing man page information for ldap_str2dn
Next by Date: Re: (ITS#8107) olcMemberOfDangling: error doesn't prevent adding nonexistent member to group
Index(es):
- Chronological
- Thread