Bug 1268772
Summary: | ns-slapd crash double free in pagedresults_cleanup | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jan Kurik <jkurik> |
Component: | 389-ds-base | Assignee: | Noriko Hosoi <nhosoi> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 6.8 | CC: | ekeck, gparente, jgalipea, nhosoi, nkinder, rmeggins, salmy, sramling |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.2.11.15-65.el6_7 | Doc Type: | Bug Fix |
Doc Text: |
Cause:
When a search results object was freed, there was a window
until the freed information was set to the pagedresults handle. If the paged-results handle was released due to a timeout in the window, double free occurred.
Fix:
The window is eliminated and there is no chance for the double free now.
|
Story Points: | --- |
Clone Of: | 1267296 | Environment: | |
Last Closed: | 2015-11-10 09:15:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1267296 | ||
Bug Blocks: |
Description
Jan Kurik
2015-10-05 08:30:11 UTC
For verification... It is extremely hard to reproduce the bug with the standalone 389-ds-base. I recommend to run 1) tet simple paged results test suite 2) upstream simple paged results related test cases. 3) run ldapsearch -E pr=<page_size> -l <timelimit> and wait longer than <timelimit> in the middle of the paging. If the connection is closed with T2 (SLAPD_DISCONNECT_IO_TIMEOUT) without any problem, test is passed. Ideally, set up IPA/SSSD and stress DS with short timelimit (nsslapd-timelimit in cn=config in dse.ldif) and short client_idle_timeout in sssd.conf. Then, stress the DS via SSSD. If it runs fine with no crash for long enough (one day?), we are confident to say verified. 1. Executed simplepaged acceptance tests. No regression found. ############## Result for backend test : SIMPLEPAGED run SIMPLEPAGED run elapse time : 00:04:57 SIMPLEPAGED run Tests PASS : 100% (17/17) 2. Executed simplepaged search with -E pr=15 -l 9 and waited for more than the timelimit. nsslapd-timelimit is set to 7, cn=config in dse.ldif. The connection got closed without any problem. 3. Currently, I am stressing the server with add/modify/delete/search in an IPA environment to check if there are crashes. nsslapd-timelimit value in cn=config is set to 7 and value for client_idle_timeout in sssd.conf is set 9. I will observe the setup for about 24hrs and then update the bug with my findings. Stressed directory sever for 24hrs and I observed no crashes. Hence, marking the bug as Verified. [root@vm-idm-004 ~]# rpm -qa |egrep 'ipa-|389-ds-' ipa-server-3.0.0-47.el6.x86_64 ipa-python-3.0.0-47.el6.x86_64 sssd-ipa-1.12.4-47.el6.x86_64 ipa-client-3.0.0-47.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch 389-ds-base-1.2.11.15-65.el6_7.x86_64 ipa-admintools-3.0.0-47.el6.x86_64 389-ds-base-debuginfo-1.2.11.15-65.el6_7.x86_64 389-ds-base-libs-1.2.11.15-65.el6_7.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-server-selinux-3.0.0-47.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1998.html |