(ITS#8689) invalid rwm configuration causes slapd to SEGV
Full_Name: Quanah Gibson-Mount
Version: 2.4.45
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)
If slapo-rwm is misconfigured so that a rewrite rule produces an invalid mapping,
slapd will crash with a segmentation fault after a search is performed against the
mapped base. For example:
rwm-rewriteRule "(.+,)?dc=example2,[ ]?dc=com$" "$1dc-example, dc=com"
rwm-rewriteRule "(.+,)?dc=example2,dc=com$" "$1dc-example,dc=com"
(Note that the substitution string contains dc-example,dc=com instead of
dc=example,dc=com, so the rewritten base is not a valid DN.)
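It might be helpful to parse the rewrite rules and check them for validity, but
that may be difficult to do.
In the backtrace below, the fault occurs in slap_sl_free(), called from
do_search() (search.c:257), on an operation whose result text is
"searchDN massage error". The size and nextp values in frame #0 look like
garbage, which suggests that the pointer being freed is not a valid allocation
in that thread's memory context.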
Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fcd66999700 (LWP 844)]
slap_sl_free (ptr=0x7fcd5c001178, ctx=0x7fcd5c000a80) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/sl_malloc.c:515
515 /home/build/sold-2.4.45.1/openldap/servers/slapd/sl_malloc.c: No such
file or directory.
(gdb) bt
#0 slap_sl_free (ptr=0x7fcd5c001178, ctx=0x7fcd5c000a80) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/sl_malloc.c:515
#1 0x0000000000431c03 in do_search (op=0x7fcd580028d0, rs=0x7fcd66998b10) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/search.c:257
#2 0x000000000042ff77 in connection_operation (ctx=0x7fcd66998c00,
arg_v=0x7fcd580028d0) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/connection.c:1158
#3 0x00007fcdac4fc3bb in ldap_int_thread_pool_wrapper (xpool=0x26e6fc0) at
/home/build/sold-2.4.45.1/openldap/libraries/libldap_r/tpool.c:963
#4 0x00007fcdac0c56ba in start_thread (arg=0x7fcd66999700) at
pthread_create.c:333
#5 0x00007fcdab1283dd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 4 (Thread 0x7fcd66999700 (LWP 844)):
#0 slap_sl_free (ptr=0x7fcd5c001178, ctx=0x7fcd5c000a80) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/sl_malloc.c:515
nextp = 0x6520e534bd7384d0
size = 7286935691776455520
p = 0x7fcd5c001170
tmpp = <optimized out>
ctx = 0x7fcd5c000a80
ptr = 0x7fcd5c001178
sh = 0x7fcd5c000a80
p = 0x7fcd5c001178
#1 0x0000000000431c03 in do_search (op=0x7fcd580028d0, rs=0x7fcd66998b10) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/search.c:257
base = {bv_len = 18, bv_val = 0x7fcd58000a87 "dc=example2,dc=com"}
siz = 0
off = <optimized out>
i = <optimized out>
#2 0x000000000042ff77 in connection_operation (ctx=0x7fcd66998c00,
arg_v=0x7fcd580028d0) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/connection.c:1158
rc = 80
cancel = <optimized out>
op = 0x7fcd580028d0
rs = {sr_type = REP_RESULT, sr_tag = 101, sr_msgid = 2, sr_err = -1,
sr_matched = 0x0, sr_text = 0x7fcda7ba945d "searchDN massage error", sr_ref =
0x0, sr_ctrls = 0x0, sr_un = {
sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs =
0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata =
0x0}, sru_extended = {
r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0}
tag = 99
opidx = SLAP_OP_SEARCH
conn = 0x7fcdac7e5b90
memctx = 0x7fcd5c000a80
memctx_null = 0x0
memsiz = 1048576
__PRETTY_FUNCTION__ = "connection_operation"
#3 0x00007fcdac4fc3bb in ldap_int_thread_pool_wrapper (xpool=0x26e6fc0) at
/home/build/sold-2.4.45.1/openldap/libraries/libldap_r/tpool.c:963
pq = 0x26e6fc0
pool = 0x26e6ee0
task = 0x7fcd600008c0
work_list = <optimized out>
ctx = {ltu_pq = 0x26e6fc0, ltu_id = 140520166364928, ltu_key = {{ltk_key
= 0x42e3a0 <conn_counter_init>, ltk_data = 0x7fcd5c000970, ltk_free = 0x42e480
<conn_counter_destroy>}, {
ltk_key = 0x484c30 <slap_sl_mem_init>, ltk_data = 0x7fcd5c000a80,
ltk_free = 0x484b00 <slap_sl_mem_destroy>}, {ltk_key = 0x4436d0 <slap_op_free>,
ltk_data = 0x7fcd5c000b70,
ltk_free = 0x4436a0 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data
= 0x0, ltk_free = 0x0} <repeats 29 times>}}
kctx = <optimized out>
keyslot = <optimized out>
hash = <optimized out>
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#4 0x00007fcdac0c56ba in start_thread (arg=0x7fcd66999700) at
pthread_create.c:333
__res = <optimized out>
pd = 0x7fcd66999700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140520166364928,
1493515270220219122, 0, 140520183139599, 140520166365632, 4391152,
-1503985625800834318, -1503832697886014734},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data =
{prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#5 0x00007fcdab1283dd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.
Thread 3 (Thread 0x7fcd6719a700 (LWP 843)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007fcdac4fcc65 in ldap_pvt_thread_cond_wait (cond=<optimized out>,
mutex=<optimized out>) at
/home/build/sold-2.4.45.1/openldap/libraries/libldap_r/thr_posix.c:277
No locals.
#2 0x00007fcdac4fc45f in ldap_int_thread_pool_wrapper (xpool=0x26e6fc0) at
/home/build/sold-2.4.45.1/openldap/libraries/libldap_r/tpool.c:945
pq = 0x26e6fc0
pool = 0x26e6ee0
task = 0x0
work_list = <optimized out>
ctx = {ltu_pq = 0x26e6fc0, ltu_id = 140520174757632, ltu_key = {{ltk_key
= 0x42e3a0 <conn_counter_init>, ltk_data = 0x7fcd580026a0, ltk_free = 0x42e480
<conn_counter_destroy>}, {
ltk_key = 0x484c30 <slap_sl_mem_init>, ltk_data = 0x7fcd580027b0,
ltk_free = 0x484b00 <slap_sl_mem_destroy>}, {ltk_key = 0x4436d0 <slap_op_free>,
ltk_data = 0x7fcd58002d10,
ltk_free = 0x4436a0 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data
= 0x0, ltk_free = 0x0} <repeats 29 times>}}
kctx = <optimized out>
keyslot = <optimized out>
hash = <optimized out>
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007fcdac0c56ba in start_thread (arg=0x7fcd6719a700) at
pthread_create.c:333
__res = <optimized out>
pd = 0x7fcd6719a700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140520174757632,
1493515270220219122, 0, 140520183139647, 140520174758336, 4370320,
-1503984526826077454, -1503832697886014734},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data =
{prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#4 0x00007fcdab1283dd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.
Thread 2 (Thread 0x7fcd6799b700 (LWP 804)):
#0 0x00007fcdab1289d3 in epoll_wait () at
../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x000000000042b7c0 in slapd_daemon_task (ptr=<optimized out>) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/daemon.c:2539
ns = <optimized out>
at = <optimized out>
nfds = <optimized out>
revents = 0x26c0ff0
tvp = 0x0
cat = {tv_sec = 0, tv_usec = 0}
i = <optimized out>
nwriters = <optimized out>
now = <optimized out>
tv = {tv_sec = 0, tv_usec = 0}
tdelta = 1
rtask = <optimized out>
l = <optimized out>
last_idle_check = 1499703215
ebadf = 0
tid = 0
#2 0x00007fcdac0c56ba in start_thread (arg=0x7fcd6799b700) at
pthread_create.c:333
__res = <optimized out>
pd = 0x7fcd6799b700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140520183150336,
1493515270220219122, 0, 140735119107759, 140520183151040, 0,
-1503983425703836942, -1503832697886014734},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data =
{prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#3 0x00007fcdab1283dd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.
Thread 1 (Thread 0x7fcdac957700 (LWP 803)):
#0 0x00007fcdac0c698d in pthread_join (threadid=140520183150336,
thread_return=thread_return@entry=0x0) at pthread_join.c:90
__tid = 804
_buffer = {__routine = 0x7fcdac0c68b0 <cleanup>, __arg = 0x7fcd6799bd28,
__canceltype = 0, __prev = 0x0}
oldtype = 0
pd = 0x7fcd6799b700
self = 0x7fcdac957700
result = 0
#1 0x00007fcdac4fcbf5 in ldap_pvt_thread_join (thread=<optimized out>,
thread_return=thread_return@entry=0x0) at
/home/build/sold-2.4.45.1/openldap/libraries/libldap_r/thr_posix.c:197
No locals.
#2 0x000000000042d529 in slapd_daemon () at
/home/build/sold-2.4.45.1/openldap/servers/slapd/daemon.c:2932
i = 0
rc = 0
#3 0x0000000000415261 in main (argc=7, argv=<optimized out>) at
/home/build/sold-2.4.45.1/openldap/servers/slapd/main.c:1016
i = <optimized out>
no_detach = 0
urls = 0x26ae0d0 "ldap:///"
username = 0x26ae090 "EXTERNAL"
groupname = 0x26ae0b0 "\006\362\032\253\315\177"
sandbox = 0x0
syslogUser = 160
pid = <optimized out>
waitfds = {9, 10}
g_argc = 7
g_argv = <optimized out>
configfile = 0x0
configdir = 0x0
serverName = 0x7fff72c838fe "slapd"
scp = <optimized out>
scp_entry = <optimized out>
debug_unknowns = 0x0
syslog_unknowns = 0x0
serverNamePrefix = <synthetic pointer>
l = <optimized out>
slapd_pid_file_unlink = 1
slapd_args_file_unlink = 1
firstopt = <optimized out>
__PRETTY_FUNCTION__ = "main"