Re: (ITS#8609) segfault in mods.c - modify_add_values

[okuznik@symas.com]

On Fri, Mar 24, 2017 at 12:07:32PM -0700, Paul B. Henson wrote:
> Ah, more confusion, sorry; I confirmed with Quanah the ITS 8432 patch
> I applied is identical to the one applied upstream, however, the line
> I referred to is in the patch applied to 2.4.44 release code, whereas
> I see you are referring to the current head of the 2.4 branch, which
> I'm sure has had numerous other changes applied to it that have
> probably shuffled things around a bit.

Hi Paul,
yes it did, I should have checked for that and would have if the wrong
line didn't line up so well.

> If I could reliably reproduce this issue :(, I would definitely test
> it on our dev systems with whatever code you requested. Unfortunately,
> it only randomly occurs every 2-4 weeks in production, and I don't
> think I could get management approval to run the unreleased
> development branch of code in production for that long to see what
> happens. The 2.4.45 testing call came out last month, is there a
> timeline yet on getting that out? I should be able to push that into
> production fairly soon after it is released and see what happens
> there.

I've had a look whether I could reproduce the issue somehow and there is
a potential crasher if the accesslog entry contained "reqmod:
eduPersonAffiliation:+". Can you confirm whether you have entries like
this in your logdb? There shouldn't be a way to have this kind of entry
generated that I could see but processing one can sometimes cause
a crash like the one you've been seeing.

The following patch should fix an issue where an invalid accesslog entry
of this sort is encountered. It should help you if that is the issue.

ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170327-ITS8609-ignore-invalid-accesslog-ops.patch

Regards,
Ondrej