Re: Crashing OPENLDAP_REL_ENG_2 with malformed MODRDN

[Pierangelo Masarati <masarati@aero.polimi.it>]

Michael Ströder wrote:
> 
> HI!
> 
> Look at this LDIF snippet for provoking a malformed renaming operation:
> 
> -------------------------- snip ----------------------
> dn:  ou=Correct Name,ou=Testing,dc=stroeder,dc=com
> changetype: modrdn
> newrdn: ou=Malformed++Name
> deleteoldrdn: 1
> 
> -------------------------- snip ----------------------
> 
> $ ldapmodify2 -x -h localhost:1389 -D"cn=root,dc=stroeder,dc=com" -v -w
> ****** -f temp/malformed-renaming.ldif
> ldap_init( localhost:1389, 0 )
> modifying rdn of entry "ou=Correct Name,ou=Testing,dc=stroeder,dc=com"
>          new RDN: "ou=Malformed++Name" (do not keep existing values)
> ldap_modrdn: Operations error
>          additional info: unable to parse type(s)/value(s) used in RDN
> 
> ldif_record() = 1
> 
> It seems that the request is processed and the entry is renamed altough
> a proper error was returned in the LDAP response. Afterwards the server
> crashed and is not reachable anymore. The old entry which was falsely
> renamed is not visible and probably stays as trash in the database.

Found it.  The behavior of an intermediate function (rdn_attrs)
was changed, so it did alter the return arguments even in case 
of failure, resulting in freeing unallocated memory after the 
error occurred.  In my tests, however, the old entries were not 
affected (you may have lost yours because of the server crash)

Kurt,
I have a quick fix for this (REL_ENG_2; the problem does not 
affect 2_1).

Pierangelo.

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 |
mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati