slapd crashed with SIGSEGV in lutil_str2bin() when using mdb
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Roel Standaert |
Bug Description
[Impact]
When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and
any attempt to do so crashes slapd with a segmentation fault.
[Test Case]
1. Install OpenLDAP (apt-get install slapd ldap-utils)
2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install)
3. Run "ldapdelete -x -D cn=admin,
4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing.
- Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted.
[Regression Potential]
The fix introduces new variables local in function scope. It also removes the side effects
caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream.
[Other Info]
When I try to remove certain entries from OpenLDAP, slapd crashes with a segmentation fault, when using the mdb backend. When I looked at the backtrace, it appeared to be this issue:
http://
which is fixed in later versions of Ubuntu (it was fixed in OpenLDAP 2.4.30), but not in precise.
It was fixed upstream in this commit:
http://
The bug occurred on a production server (where the bug first occurred) and in a VM using a dump of that server's directory.
I've downloaded the source package, applied Ubuntu-specific patches and the above patch, and the bug does seem to be absent from the compiled result.
ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: slapd 2.4.28-1.1ubuntu4.3
ProcVersionSign
Uname: Linux 3.5.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: amd64
Date: Sun Aug 25 18:59:12 2013
ExecutablePath: /usr/sbin/slapd
InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
MarkForUpload: True
ProcCmdline: /usr/sbin/slapd -h ldap:///\ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.utf8
SegvAnalysis:
Segfault happened at: 0x7f208d8ea3b2 <lutil_
PC (0x7f208d8ea3b2) ok
source "$0x0" ok
destination "0x0(%rbp)" (0x7f0c879633d3) in non-writable VMA region: 0x7f0c871b5000-
Stack memory exhausted (SP below stack segment)
SegvReason: writing VMA /var/lib/
Signal: 11
SourcePackage: openldap
StacktraceTop:
lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../.
integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../.
integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=
indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=
index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f96
Title: slapd crashed with SIGSEGV in lutil_str2bin()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
Related branches
- Ubuntu Development Team: Pending requested
-
Diff: 113 lines (+93/-0)3 files modifieddebian/changelog (+10/-0)
debian/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch (+82/-0)
debian/patches/series (+1/-0)
Changed in openldap (Ubuntu): | |
importance: | Undecided → Medium |
information type: | Private → Public |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in openldap (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in openldap (Ubuntu Precise): | |
assignee: | nobody → Roel Standaert (s-roel) |
Changed in openldap (Ubuntu Precise): | |
status: | Triaged → In Progress |
StacktraceTop: ./../libraries/ liblutil/ utils.c: 812 ./../servers/ slapd/schema_ init.c: 2545 0x7f0c70001bb8, keysp=0x7f0c76f fd570, ctx=0x7f0c70000ea0) at ../../. ./../servers/ slapd/schema_ init.c: 2634 0x7f208f9657b8, vals=0x7f0c7000 1bb8, id=4103, opid=2, mask=4, ad=<optimized out>) at ../../. ./../.. /servers/ slapd/back- mdb/index. c:211 5750, tags=0x7f208f96 5900, vals=0x7f0c7000 1bb8, id=4103, opid=2, ad=<optimized out>) at ../../. ./../.. /servers/ slapd/back- mdb/index. c:337
lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../.
integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../.
integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=
indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=
index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f96