Bug 1109333

Summary: 389 Server crashes if uniqueMember is invalid syntax and memberOf plugin is enabled.
Product: Red Hat Enterprise Linux 6
Component: 389-ds-base
Version: 6.0
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Noriko Hosoi <nhosoi>
Assignee: Noriko Hosoi <nhosoi>
QA Contact: Sankar Ramalingam <sramling>
CC: jgalipea, nkinder, rmeggins, vashirov
Target Milestone: rc
Fixed In Version: 389-ds-base-1.2.11.15-34.el6
Doc Type: Bug Fix
Doc Text:
Cause: MemberOf plugin code assumes the DN value has the correct syntax, and does not check the normalized value of that DN.
Consequence: This leads to dereferencing a NULL pointer and crash.
Fix: Check the normalized value, and log a proper error.
Result: Invalid DN does not cause the crash and it is logged in the error log.
Last Closed: 2014-10-14 07:55:17 UTC
Bug Blocks: 1109334

Description Noriko Hosoi 2014-06-13 17:13:59 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47793

Attempting to add a uniqueMember to a group of type groupOfUniqueNames crashes the server if syntax checking is off.

Steps to recreate:
1. Enable memberofplugin with memberofgroupattr=uniqueMember and memberofattr=memberOf.  (Requires server restart)
2. Disable syntax checking: in cn=config, attribute nsslapd-syntaxcheck=off
3. In any groupOfUniqueName group, add an invalid uniqueMember such as cn=test,null,dc=will,dc=crash
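
Added example, not part of the original report and not 389-ds-base code: a self-contained C model of the pattern in the Doc Text, where a DN normalizer returns NULL for a malformed value and the caller checks that result and logs the DN before using it. The names toy_normalize_dn and process_member, the simplified "attr=value" validity rule, and the valid sample DN are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a DN normalizer (hypothetical, not the 389-ds API).
 * Returns a malloc'd lower-cased copy, or NULL when an RDN lacks the
 * "attr=value" shape. Escapes and multi-valued RDNs are not modelled. */
static char *toy_normalize_dn(const char *dn)
{
    if (dn == NULL || *dn == '\0') return NULL;
    for (const char *rdn = dn;;) {
        const char *end = strchr(rdn, ',');
        size_t len = end ? (size_t)(end - rdn) : strlen(rdn);
        const char *eq = memchr(rdn, '=', len);
        if (eq == NULL || eq == rdn || eq == rdn + len - 1) return NULL;
        if (end == NULL) break;
        rdn = end + 1;
    }
    size_t n = strlen(dn);
    char *out = malloc(n + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i <= n; i++)
        out[i] = (char)tolower((unsigned char)dn[i]);
    return out;
}

/* Caller with the check the fix describes: test the normalized value and
 * log the bad DN. Returns 0 if the member was processed, -1 if rejected. */
static int process_member(const char *group_dn, const char *member_dn)
{
    char *ndn = toy_normalize_dn(member_dn);
    if (ndn == NULL) {
        fprintf(stderr, "group \"%s\": invalid member DN \"%s\", skipped\n",
                group_dn, member_dn ? member_dn : "(null)");
        return -1;
    }
    /* Without the check above, this use of ndn would dereference NULL. */
    size_t len = strlen(ndn);
    free(ndn);
    return len > 0 ? 0 : -1;
}

int main(void)
{
    const char *g = "cn=memberofgroup,ou=Groups,dc=example,dc=com";
    process_member(g, "cn=test,null,dc=will,dc=crash"); /* DN from step 3 */
    return process_member(g, "uid=user1,ou=People,dc=example,dc=com"); /* constructed */
}
```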

Comment 1 Noriko Hosoi 2014-06-17 01:00:40 UTC
Steps to verify:
Description in https://fedorahosted.org/389/ticket/47793

Comment 3 Viktor Ashirov 2014-07-10 16:47:54 UTC
$ rpm -qa | grep 389
389-ds-base-1.2.11.15-38.el6.x86_64
389-ds-base-libs-1.2.11.15-38.el6.x86_64

$ ldapmodify -D 'cn=Directory Manager' -w Secret123  -H ldap://localhost:389  << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-syntaxcheck
> nsslapd-syntaxcheck: off
> -
> 
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> changetype: modify
> replace: memberofgroupattr
> memberofgroupattr: member
> memberofgroupattr: uniqueMember
> -
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> -
> EOF
modifying entry "cn=config"

modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"

$ ldapadd -D 'cn=Directory Manager' -w Secret123  -H ldap://localhost:389  << EOF
> dn: cn=memberofgroup,ou=Groups,dc=example,dc=com
> objectClass: groupofuniquenames
> objectClass: top
> cn: memberofgroup
> EOF
adding new entry "cn=memberofgroup,ou=Groups,dc=example,dc=com"

$ ldapmodify -D 'cn=Directory Manager' -w Secret123  -H ldap://localhost:389  << EOF
> dn: cn=memberofgroup,ou=Groups,dc=example,dc=com
> changetype: modify
> add: uniqueMember
> uniqueMember: cn=test,null,dc=will,dc=crash
> -
> EOF
modifying entry "cn=memberofgroup,ou=Groups,dc=example,dc=com"

$ pgrep ns-slapd
5781
Server keeps running. On an affected version of 389-ds-base, ns-slapd would crash.
Hence marking as verified.

Comment 4 errata-xmlrpc 2014-10-14 07:55:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1385.html