
Re: (ITS#9128) Fix for slapd-mdb start Bus Error in strchrlen



requate@univention.de wrote:
> Full_Name: Arvid Requate
> Version: 2.4.45
> OS: UCS / Debian Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (92.210.162.23)
> 
> 
> In our CI tests we observed a situation where the slapd-mdb failed to start,
> terminating due to a "bus error" and slapcat showed the same behaviour. It turned
> out that the data.mdb file had an "Attribute;option" string right at the end of
> it and strchrlen tried to access a memory location past the end of the page
> while scanning for another ';', see stack trace down below.

Thanks for the report, fix applied to master.
> 
> This patch fixed the issue for us:
> =========================================================
> Author: Arvid Requate <requate@univention.de>
> Date:   Tue Dec 3 23:33:10 2019 +0100
> 
>     Avoid bus error with slapd-mdb/slapcat
> 
> diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c
> index 801f18d34..31a94a725 100644
> --- a/servers/slapd/ad.c
> +++ b/servers/slapd/ad.c
> @@ -145,7 +145,7 @@ static char *strchrlen(
>  {
>         const char *p;
>  
> -       for( p=beg; *p && p < end; p++ ) {
> +       for( p=beg; p < end && *p; p++ ) {
>                 if( *p == ch ) {
>                         *len = p - beg;
>                         return (char *) p;
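Review bot: the reordered condition on the `for` line is order-sensitive, and nothing in the hunk records why. A one-line comment above the loop stating that `beg..end` need not be NUL-terminated, so `p < end` has to be tested before `*p` is read, would keep a later cleanup from swapping the operands back. The commit subject also names only the symptom ("Avoid bus error"); naming the read of `*p` at `p == end` in `strchrlen` would make the change easier to find later.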
> =========================================================
> 
> This is the stack trace:
> =========================================================
> $ gdb slapcat
>  bt
> #0  0x00005555555d0dc4 in strchrlen (len=<synthetic pointer>, ch=59 ';',
> end=0x7fff6bd62000 <error: Cannot access memory at address 0x7fff6bd62000>, 
>     beg=0x7fff6bd61ff5 "entry-de-de"<error: Cannot access memory at address
> 0x7fff6bd62000>) at ../../../../servers/slapd/ad.c:148
> #1  slap_bv2ad (bv=bv@entry=0x7fffffffdbe0, ad=ad@entry=0x7fffffffdbb8,
> text=text@entry=0x7fffffffdbb0) at ../../../../servers/slapd/ad.c:224
> #2  0x00007fffee70e043 in mdb_ad_read (mdb=mdb@entry=0x555555a58240,
> txn=<optimized out>) at ../../../../../servers/slapd/back-mdb/attr.c:573
> #3  0x00007fffee6fe4ad in mdb_db_open (be=0x7fffffffdd90, cr=0x7fffffffdf80) at
> ../../../../../servers/slapd/back-mdb/init.c:263
> #4  0x00005555555fa601 in over_db_open (be=<optimized out>, cr=0x7fffffffdf80)
> at ../../../../servers/slapd/backover.c:149
> #5  0x000055555559a317 in backend_startup_one (be=be@entry=0x555555a580a0,
> cr=cr@entry=0x7fffffffdf80) at ../../../../servers/slapd/backend.c:224
> #6  0x000055555559a4cb in backend_startup (be=be@entry=0x555555a580a0) at
> ../../../../servers/slapd/backend.c:278
> #7  0x00005555555bc0e1 in slap_startup (be=0x555555a580a0) at
> ../../../../servers/slapd/init.c:219
> #8  0x00005555555ffc84 in slap_tool_init (progname=progname@entry=0x55555561d2c1
> "slapcat", tool=tool@entry=2, argc=<optimized out>, argv=<optimized out>) at
> ../../../../servers/slapd/slapcommon.c:908
> #9  0x00005555555fec90 in slapcat (argc=<optimized out>, argv=<optimized out>)
> at ../../../../servers/slapd/slapcat.c:53
> #10 0x0000555555570867 in main (argc=1, argv=0x7fffffffe568) at
> ../../../../servers/slapd/main.c:410
> =========================================================
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
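
The read past the end of the page described in the report can be reproduced in isolation with a guard page. This is an added example, not code from OpenLDAP or from the patch: `scan_old`, `scan_new` and `guarded_scan` are hypothetical helpers, the sample value is constructed, and an anonymous mapping followed by a `PROT_NONE` page stands in for the end of `data.mdb`.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pre-patch order: *p is read before the bound is checked (volatile keeps the load). */
static size_t scan_old(const char *beg, const char *end, char ch) {
    const char *p;
    for (p = beg; *(const volatile char *)p && p < end; p++)
        if (*p == ch) break;
    return (size_t)(p - beg);
}

/* Patched order: the bound is checked first, so p == end is never dereferenced. */
static size_t scan_new(const char *beg, const char *end, char ch) {
    const char *p;
    for (p = beg; p < end && *p; p++)
        if (*p == ch) break;
    return (size_t)(p - beg);
}

/* Place a constructed "Attribute;option" value so that its last byte is the last
 * readable byte before a PROT_NONE page, then scan from just after the first ';'
 * for another one, in a child process. Returns the signal that killed the child,
 * 0 if the scan returned the expected length (6), or -1 on setup failure. */
static int guarded_scan(size_t (*scan)(const char *, const char *, char)) {
    static const char val[] = "Attribute;option";   /* constructed sample */
    size_t n = sizeof(val) - 1, pg = (size_t)sysconf(_SC_PAGESIZE);
    char *map = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED || mprotect(map + pg, pg, PROT_NONE) != 0) return -1;
    char *end = map + pg, *beg = end - n;
    memcpy(beg, val, n);                    /* no terminating NUL inside the page */
    const char *opt = (const char *)memchr(beg, ';', n) + 1;
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) _exit(scan(opt, end, ';') == 6 ? 0 : 1);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    munmap(map, 2 * pg);
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    printf("old: %d, new: %d\n", guarded_scan(scan_old), guarded_scan(scan_new));
    return 0;
}
```

On Linux the guard page raises SIGSEGV rather than the bus error seen in the report; either signal marks the same read at `p == end`.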