Bug 1378365

Summary: crash in openldap in test_filter
Product: Red Hat Enterprise Linux 6 Reporter: German Parente <gparente>
Component: openldapAssignee: Matus Honek <mhonek>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.7CC: mhonek, moddi, nkinder, pkis
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-29 15:29:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1461138    

Description German Parente 2016-09-22 09:27:15 UTC 
Description of problem:

Server is crashing with this backtrace:


#0  test_filter (op=0x7f8ac433be40, e=0x7f8afd51a348, f=0xb)
    at ../../../servers/slapd/filterentry.c:69
69		if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
(gdb) bt
#0  test_filter (op=0x7f8ac433be40, e=0x7f8afd51a348, f=0xb)
    at ../../../servers/slapd/filterentry.c:69
#1  0x00007f8af7e35d11 in syncprov_matchops (op=0x7f8ac433d3f0, 
    opc=0x7f8ab8004258, saveit=0)
    at ../../../../servers/slapd/overlays/syncprov.c:1316
#2  0x00007f8af7e36aa0 in syncprov_op_response (op=0x7f8ac433d3f0, 
    rs=<value optimized out>)
    at ../../../../servers/slapd/overlays/syncprov.c:1939
#3  0x00007f8afbfb59de in slap_response_play (op=0x7f8ac433d3f0, 
    rs=0x7f8ac433caf0) at ../../../servers/slapd/result.c:507
#4  0x00007f8afbfb65a0 in send_ldap_response (op=0x7f8ac433d3f0, 
    rs=0x7f8ac433caf0) at ../../../servers/slapd/result.c:582
#5  0x00007f8afbfb756f in slap_send_ldap_result (op=0x7f8ac433d3f0, 
    rs=0x7f8ac433caf0) at ../../../servers/slapd/result.c:860
#6  0x00007f8afc02ee15 in hdb_modify (op=0x7f8ac433d3f0, rs=0x7f8ac433caf0)
    at modify.c:802
#7  0x00007f8afc014457 in overlay_op_walk (op=0x7f8ac433d3f0, 
    rs=0x7f8ac433caf0, which=op_modify, oi=0x7f8afd5979a0, on=0x0)
    at ../../../servers/slapd/backover.c:671
#8  0x00007f8afc014eb4 in over_op_func (op=0x7f8ac433d3f0, 
    rs=<value optimized out>, which=<value optimized out>)
    at ../../../servers/slapd/backover.c:723
#9  0x00007f8afc00e4b5 in syncrepl_entry (op=0x7f8ac433d3f0, si=0x7f8ae8140150)
---Type <return> to continue, or q <return> to quit---
    at ../../../servers/slapd/syncrepl.c:3176
#10 do_syncrep2 (op=0x7f8ac433d3f0, si=0x7f8ae8140150)
    at ../../../servers/slapd/syncrepl.c:1024
#11 0x00007f8afc0104dd in do_syncrepl (ctx=<value optimized out>, 
    arg=0x7f8ae8135cf0) at ../../../servers/slapd/syncrepl.c:1539
#12 0x00007f8afbfa6246 in connection_read_thread (ctx=0x7f8ac433db70, 
    argv=<value optimized out>) at ../../../servers/slapd/connection.c:1293
#13 0x00007f8afbaf1ce8 in ldap_int_thread_pool_wrapper (xpool=0x7f8afd4e0d10)
    at ../../../libraries/libldap_r/tpool.c:688
#14 0x00007f8af9ab99d1 in start_thread (arg=0x7f8ac433e700)
    at pthread_create.c:255
#15 0x00007f8af95fb8fd in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:77
#16 0x0000000000000000 in ?? ()

as the filter is NULL

(gdb) print f
$1 = (Filter *) 0xb

the access to f->f_choice provokes the crash.




this seems similar to 

=================================================================
Bug 1111007 - slapd crashed by segfault while syncrepl processing
=================================================================

that was closed by "insufficient data"

 
Version-Release number of selected component (if applicable): openldap-2.4.40-12.el6.x86_64


How reproducible: sometimes.


Additional info:


seems to be exactly the stacktrace found in:

======================================================================
Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS#8013)
======================================================================

which has been fixed in 2015. But I don't know how to access the source coude of this ITS so as to make a test package to give to the customer.

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8013

where it shows the same stack trace:


(0) /opt/openldap.devel/libexec/slapd() [0x442f07]: test_filter
/home/ly/Projects/openldap.git/servers/slapd/filterentry.c:69
(1) /opt/openldap.devel/libexec/slapd() [0x514721]: syncprov_matchops
/home/ly/Projects/openldap.git/servers/slapd/overlays/syncprov.c:1316
(2) /opt/openldap.devel/libexec/slapd() [0x514b83]: syncprov_op_mod
/home/ly/Projects/openldap.git/servers/slapd/overlays/syncprov.c:2145
(3) /opt/openldap.devel/libexec/slapd() [0x48b31a]: overlay_op_walk
/home/ly/Projects/openldap.git/servers/slapd/backover.c:662
(4) /opt/openldap.devel/libexec/slapd() [0x48b4c1]: over_op_func
/home/ly/Projects/openldap.git/servers/slapd/backover.c:724
(5) /opt/openldap.devel/libexec/slapd() [0x4811a6]: syncrepl_entry
/home/ly/Projects/openldap.git/servers/slapd/syncrepl.c:3177
do_syncrep2
/home/ly/Projects/openldap.git/servers/slapd/syncrepl.c:10%0
(6) /opt/openldap.devel/libexec/slapd() [0x4844b2]: do_syncrepl
/home/ly/Projects/openldap.git/servers/slapd/syncrepl.c:1539


Is it possible to backport it to our rhel6 / rhel7 versions ?

thanks a lot.

German.
Comment 2 Matus Honek 2016-09-22 11:53:18 UTC 
Thanks for the prior investigation!

The commit for ITS#8013 is this one (unfortunately, one has to search commit messages):
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=44a8ab7143179974ec2b54995ebf13b2a40f111c