Re: (ITS#7850) slapd crashes on modrdn to an attr with no equality matching rule
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7850) slapd crashes on modrdn to an attr with no equality matching rule
- From: hyc@symas.com
- Date: Fri, 9 May 2014 18:33:15 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
ryan@nardis.ca wrote:
> Full_Name: Ryan Tandy
> Version: HEAD
> OS: Ubuntu 14.04
> URL:
> Submission from: (NULL) (142.32.208.226)
>
>
> Debian bug report: http://bugs.debian.org/666515
>
> Confirmed on master (at commit fcdd3a06) and RE24 (at commit 1253d7c1).
Thanks for the report. Should be fixed now in git master, please test.
>
> ldapadd or slapadd of an entry with a naming attribute such as 'audio' or
> 'jpegPhoto' is rejected with a reasonable error message:
>
> $ slapadd
> dn: jpegPhoto=test,dc=example,dc=com
> objectClass: inetOrgPerson
>
> slapadd: dn="jpegPhoto=test,dc=example,dc=com" (line=1): (64) naming attribute 'jpegPhoto' has no equality matching rule
>
> However, creating an entry with a valid DN and using ldapmodrdn to request a
> change of the naming attr to 'jpegPhoto' crashes slapd:
>
> $ slapadd
> dn: cn=Ryan Tandy,dc=example,dc=com
> objectClass: inetOrgPerson
> sn: Tandy
> jpegPhoto: test
>
> $ [start slapd...]
> $ ldapmodrdn -x -D cn=root,dc=example,dc=com -W 'cn=Ryan Tandy,dc=example,dc=com' 'jpegPhoto=test'
> Enter LDAP Password:
> ldap_result: Can't contact LDAP server (-1)
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffd81a60700 (LWP 9095)]
> 0x00000000004667f3 in slap_modrdn2mods (op=0x7ffd740026b0, rs=0x7ffd81a5faf0) at
> modrdn.c:448
> 448 if( desc->ad_type->sat_equality->smr_normalize) {
> (gdb) bt full
> #0 0x00000000004667f3 in slap_modrdn2mods (op=0x7ffd740026b0,
> rs=0x7ffd81a5faf0) at modrdn.c:448
> desc = 0x9add80
> mod_tmp = 0x7ffd74002670
> a_cnt = 0
> d_cnt = 32765
> old_rdn = 0x0
> new_rdn = 0x7ffd74003090
> __PRETTY_FUNCTION__ = "slap_modrdn2mods"
> #1 0x0000000000465688 in do_modrdn (op=0x7ffd740026b0, rs=0x7ffd81a5faf0) at
> modrdn.c:179
> dn = {bv_len = 31, bv_val = 0x7ffd74102c77 "cn=Ryan
> Tandy,dc=example,dc=com"}
> newrdn = {bv_len = 14, bv_val = 0x7ffd74102c98 "jpegPhoto=test"}
> newSuperior = {bv_len = 0, bv_val = 0x0}
> deloldrdn = 0
> pnewSuperior = {bv_len = 0, bv_val = 0x0}
> nnewSuperior = {bv_len = 0, bv_val = 0x0}
> length = 0
> #2 0x000000000044029f in connection_operation (ctx=0x7ffd81a5fc40,
> arg_v=0x7ffd740026b0) at connection.c:1134
> rc = 80
> cancel = 0
> op = 0x7ffd740026b0
> rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0,
> sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0,
> sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags =
> 0, r_operational_attrs = 0x0, r_attrs = 0x0,
> r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0},
> sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}},
> sr_flags = 0}
> tag = 108
> opidx = SLAP_OP_MODRDN
> conn = 0x7ffff7e6ae90
> memctx = 0x7ffd74002bf0
> memctx_null = 0x0
> memsiz = 1048576
> __PRETTY_FUNCTION__ = "connection_operation"
> #3 0x00000000004408f8 in connection_read_thread (ctx=0x7ffd81a5fc40, argv=0x10)
> at connection.c:1270
> rc = 0
> cri = {op = 0x7ffd740026b0, func = 0x0, arg = 0x0, ctx = 0x7ffd81a5fc40,
> nullop = 0}
> s = 16
> #4 0x00007ffff7b89e5e in ldap_int_thread_pool_wrapper (xpool=0x7fa480) at
> tpool.c:945
> pq = 0x7fa480
> pool = 0x7fa370
> task = 0x7ffd7c0008c0
> work_list = 0x7fa4f0
> ctx = {ltu_pq = 0x7fa480, ltu_id = 140726778595072, ltu_key = {{ltk_key
> = 0x43fd34 <conn_counter_init>,
> ltk_data = 0x7ffd74002ae0, ltk_free = 0x43fb86
> <conn_counter_destroy>}, {ltk_key = 0x4b9a08 <slap_sl_mem_init>,
> ltk_data = 0x7ffd74002bf0, ltk_free = 0x4b982d
> <slap_sl_mem_destroy>}, {ltk_key = 0x45c06b <slap_op_free>,
> ltk_data = 0x0, ltk_free = 0x45bfbe <slap_op_q_destroy>}, {ltk_key
> = 0x0, ltk_data = 0x0,
> ltk_free = 0x0} <repeats 23 times>, {ltk_key = 0x0, ltk_data =
> 0xe81b289de6cb1252, ltk_free = 0x80}, {ltk_key = 0x0,
> ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0,
> ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0,
> ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0},
> {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}}}
> kctx = 0x0
> i = 32
> keyslot = 586
> hash = 2858034762
> pool_lock = 0
> freeme = 0
> __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
> #5 0x00007ffff5dbf062 in start_thread (arg=0x7ffd81a60700) at
> pthread_create.c:312
> __res = <optimized out>
> pd = 0x7ffd81a60700
> now = <optimized out>
> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140726778595072,
> 1720423256181903954, 1, 140737354125408, 0, 140726778595072,
> -1721737773892038062, -1720445005621816750}, mask_was_saved =
> 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
> prev = 0x0, cleanup = 0x0, canceltype = 0}}}
> not_first_call = <optimized out>
> pagesize_m1 = <optimized out>
> sp = <optimized out>
> freesize = <optimized out>
> __PRETTY_FUNCTION__ = "start_thread"
> #6 0x00007ffff5af2bfd in clone () at
> ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> No locals.
>
> The problem is a dereference of the missing equality rule:
>
> (gdb) p desc->ad_type
> $1 = (AttributeType *) 0x83ec70
> (gdb) p desc->ad_type->sat_equality
> $2 = (MatchingRule *) 0x0
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
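
Added example, not part of the original thread and not the committed fix: a stand-alone C model of the check the gdb output at modrdn.c:448 calls for, where a missing `sat_equality` fails the request with result 64 (as slapadd already does) instead of being dereferenced. The struct layouts, the two-entry schema, `lower_normalize`, `last_norm` and `check_new_rdn` are hypothetical stand-ins; only the field names `ad_type`, `sat_equality` and `smr_normalize` come from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the slapd types named in the backtrace; only the
 * fields the crash touches are modelled (assumption, not slapd source). */
typedef struct { int (*smr_normalize)(const char *, char *, size_t); } MatchingRule;
typedef struct { const char *name; MatchingRule *sat_equality; } AttributeType;
typedef struct { AttributeType *ad_type; } AttributeDescription;

/* LDAP result codes: undefinedAttributeType, namingViolation, other. */
enum { RC_SUCCESS = 0, RC_UNDEFINED_TYPE = 17, RC_NAMING_VIOLATION = 64, RC_OTHER = 80 };

/* Constructed normalizer standing in for a real equality rule. */
static int lower_normalize(const char *in, char *out, size_t outlen) {
    size_t i;
    for (i = 0; in[i] != '\0' && i + 1 < outlen; i++)
        out[i] = (in[i] >= 'A' && in[i] <= 'Z') ? (char)(in[i] + 32) : in[i];
    out[i] = '\0';
    return in[i] == '\0' ? 0 : -1;   /* -1: value did not fit */
}

/* Constructed schema: cn has an equality rule, jpegPhoto has none. */
static MatchingRule case_ignore = { lower_normalize };
static AttributeType at_cn = { "cn", &case_ignore }, at_jpeg = { "jpegPhoto", NULL };
static AttributeDescription schema[] = { { &at_cn }, { &at_jpeg } };
char last_norm[64];   /* normalized value of the last accepted RDN */

/* Hypothetical helper: reject or normalize one new-RDN attribute/value pair.
 * Each pointer on the way to smr_normalize is tested before it is used. */
int check_new_rdn(const char *attr, const char *val) {
    const AttributeDescription *desc = NULL;
    for (size_t i = 0; i < sizeof schema / sizeof schema[0]; i++)
        if (strcmp(schema[i].ad_type->name, attr) == 0) desc = &schema[i];
    if (desc == NULL) return RC_UNDEFINED_TYPE;
    const MatchingRule *eq = desc->ad_type->sat_equality;
    if (eq == NULL) return RC_NAMING_VIOLATION;   /* fail the request, not the server */
    if (eq->smr_normalize != NULL)
        return eq->smr_normalize(val, last_norm, sizeof last_norm) == 0 ? RC_SUCCESS : RC_OTHER;
    if (strlen(val) >= sizeof last_norm) return RC_OTHER;
    strcpy(last_norm, val);   /* no normalizer: keep the value as given */
    return RC_SUCCESS;
}

int main(void) {
    printf("cn=Ryan Tandy  -> %d\n", check_new_rdn("cn", "Ryan Tandy"));
    printf("jpegPhoto=test -> %d\n", check_new_rdn("jpegPhoto", "test"));
    return 0;
}
```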