[Date Prev][Date Next]
Re: (ITS#8107) olcMemberOfDangling: error doesn't prevent adding nonexistent member to group
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8107) olcMemberOfDangling: error doesn't prevent adding nonexistent member to group
- From: email@example.com
- Date: Thu, 23 Apr 2015 02:50:38 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
On Sat, Apr 18, 2015 at 10:47:57PM +0000, firstname.lastname@example.org wrote:
>Adding a new group containing a nonexistent member, or or a nonexistent
>member to an existing group, triggers the following AddressSanitizer
>splat. No error when adding a valid member, or with memberof disabled.
That part turned out to be my fault, actually:
> #0 0xebdb1e in lutil_strncopy /home/ryan/pkg/openldap/openldap/libraries/liblutil/utils.c:317:2
> #1 0xd10adb in mdb_dn2id /home/ryan/pkg/openldap/openldap/servers/slapd/back-mdb/dn2id.c:360:9
The nonexistent entry I was trying to add was outside the db suffix.
Therefore nrlen in mdb_dn2id was wrong (in my specific case, negative)
and things got worse from there.
Testing with a nonexistent entry under the correct suffix, there are no
complaints from AddressSanitizer.
The buggy behaviour is still present, however: the member value is added
despite returning a 'constraint violation' result.