Bug 1644654
| Summary: | openldap crash in ldap_chain_op | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | German Parente <gparente> |
| Component: | openldap | Assignee: | Matus Honek <mhonek> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.5 | CC: | gparente, mpanaous, pkis, tmihinto |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-06 15:13:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: new issue in ldap_chain_op: Program terminated with signal 11, Segmentation fault. #0 ldap_chain_op (op=op@entry=0x7fcbb00008e0, rs=rs@entry=0x7fcba8ffbb00, op_f=0x7fcbe39e2fe0 <ldap_back_search>, ref=ref@entry=0x0, depth=depth@entry=0) at chain.c:422 422 for ( ; !BER_BVISNULL( ref ); ref++ ) { (gdb) list 417 (void)chaining_control_add( lc, op, &ctrls ); 418 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */ 419 420 li.li_bvuri = bvuri; 421 first_rc = -1; 422 for ( ; !BER_BVISNULL( ref ); ref++ ) { 423 SlapReply rs2 = { 0 }; 424 LDAPURLDesc *srv = NULL; 425 req_search_s save_oq_search = op->oq_search, 426 tmp_oq_search = { 0 }; (gdb) ref is NULL. Clearly: #define BER_BVISNULL(bv) ((bv)->bv_val == NULL) So, BER_BVISNULL( ref ) is crashing the server since "ref" is not checked before being accessed. Version-Release number of selected component (if applicable): openldap-servers-2.4.44-5.el7.x86_64