OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/8289
Full headers

From: michael@stroeder.com
Subject: slapd seg faults with MOD_INCREMENT on derived attribute
Compose comment
Download message
State:
0 replies:
2 followups: 1 2

Major security issue: yes  no

Notes:

Notification:


Date: Mon, 26 Oct 2015 22:56:48 +0000
From: michael@stroeder.com
To: openldap-its@OpenLDAP.org
Subject: slapd seg faults with MOD_INCREMENT on derived attribute
Full_Name: 
Version: re24
OS: openSUSE Linux
URL: 
Submission from: (NULL) (213.240.180.113)


Attribute type declaration 'bar' with Integer syntax.

'foo' SUP 'bar' makes slapd crash when sending LDAP_MOD_INCREMENT on 'foo'.

LDAP_MOD_INCREMENT on 'foo' works if it's not SUP 'bar' but directly declared
with Integer syntax.

Followup 1

Download message
Subject: Re: (ITS#8289) slapd seg faults with MOD_INCREMENT on derived
 attribute
To: openldap-its@OpenLDAP.org
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
Date: Tue, 27 Oct 2015 00:01:05 +0100
The last lines before crash:

562eb075 => access_allowed: delete access to
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de" "oathFailureCount"
requested
562eb075 => dn: [5] dc=stroeder,dc=de
562eb075 => acl_get: [5] matched
562eb075 => acl_get: [5] attr oathFailureCount
562eb075 => acl_mask: access to entry
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de", attr "oathFailureCount"
requested
562eb075 => acl_mask: to all values by "cn=michael
str.der+mail=michael@stroeder.com,ou=private,dc=stroeder,dc=de", (=0)
562eb075 <= check a_group_pat: cn=slapd admins,ou=groups,dc=stroeder,dc=de
562eb075 <= acl_mask: [1] applying manage(=mwrscxd) (stop)
562eb075 <= acl_mask: [1] mask: manage(=mwrscxd)
562eb075 => slap_access_allowed: delete access granted by manage(=mwrscxd)
562eb075 => access_allowed: delete access granted by manage(=mwrscxd)
562eb075 => access_allowed: result not in cache (oathFailureCount)
562eb075 => access_allowed: add access to
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de" "oathFailureCount"
requested
562eb075 => dn: [5] dc=stroeder,dc=de
562eb075 => acl_get: [5] matched
562eb075 => acl_get: [5] attr oathFailureCount
562eb075 => acl_mask: access to entry
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de", attr "oathFailureCount"
requested
562eb075 => acl_mask: to value by "cn=michael
str.der+mail=michael@stroeder.com,ou=private,dc=stroeder,dc=de", (=0)
562eb075 <= check a_group_pat: cn=slapd admins,ou=groups,dc=stroeder,dc=de
562eb075 <= acl_mask: [1] applying manage(=mwrscxd) (stop)
562eb075 <= acl_mask: [1] mask: manage(=mwrscxd)
562eb075 => slap_access_allowed: add access granted by manage(=mwrscxd)
562eb075 => access_allowed: add access granted by manage(=mwrscxd)
562eb075 acl: internal mod entryCSN: modify access granted
562eb075 acl: internal mod modifiersName: modify access granted
562eb075 acl: internal mod modifyTimestamp: modify access granted
562eb075 mdb_modify_internal: increment oathFailureCount
Segmentation fault



Followup 2

Download message
Subject: Re: (ITS#8289) slapd seg faults with MOD_INCREMENT on derived
 attribute
To: michael@stroeder.com, openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Tue, 27 Oct 2015 03:42:46 +0000
michael@stroeder.com wrote:
> Full_Name:
> Version: re24
> OS: openSUSE Linux
> URL:
> Submission from: (NULL) (213.240.180.113)
>
>
> Attribute type declaration 'bar' with Integer syntax.
>
> 'foo' SUP 'bar' makes slapd crash when sending LDAP_MOD_INCREMENT on 'foo'.
>
> LDAP_MOD_INCREMENT on 'foo' works if it's not SUP 'bar' but directly
declared
> with Integer syntax.
>
>
Fixed now in master

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org