Bug 1748016

Summary: ns-slapd crashes during ldapi search
Product: Red Hat Enterprise Linux 8 Reporter: Viktor Ashirov <vashirov>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: unspecified    
Version: 8.1CC: lkrispen, msauton, nkinder, pasik, spichugi, tbordaz, tmihinto, vashirov
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.4.2.4-1.module+el8.2.0+4699+cf2da360 Doc Type: Bug Fix
Doc Text:
.Directory Server instance names can now have up to 103 characters When an LDAP client establishes a connection to Directory Server, the server stores information related to the client address in a local buffer. Previously, the size of this buffer was too small to store an LDAPI path name longer than 46 characters. For example, this is the case if name of the Directory Server instance is too long. As a consequence, the server terminated unexpectedly due to an buffer overflow. This update increases the buffer size to the maximum size the Netscape Portable Runtime (NSPR) library supports for the path name. As a result, Directory Server no longer crashes in the mentioned scenario. Note that due to the limitation in the NSPR library, an instance name can be maximum 103 characters.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:01:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Viktor Ashirov 2019-09-02 13:29:26 UTC 
Description of problem:
After bz1715675 ns-slapd crashes, if the instance name is longer than 34 symbols and it is accessed over ldapi socket.

Version-Release number of selected component (if applicable):
389-ds-base-1.4.1.3-5.module+el8.1.0+3776+ece1ae4c.x86_64

How reproducible:
always

Steps to Reproduce:
1. dscreate with instance name longer than 34 symbols, for example 12345678901234567890123456789012345
2. ldapsearch -D cn=directory\ manager -w password -H ldapi://%2fvar%2frun%2fslapd-12345678901234567890123456789012345.socket -b cn=config


Actual results:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)                                                                                                                                         


Sep 02 10:48:22 server-f30.example.com ns-slapd[28472]: [02/Sep/2019:10:48:22.202346892 +0000] - INFO - slapd_daemon - Listening on /var/run/slapd-12345678901234567890123456789012345.socket >
Sep 02 10:48:22 server-f30.example.com systemd[1]: Started 389 Directory Server 12345678901234567890123456789012345..
Sep 02 10:48:26 server-f30.example.com ns-slapd[28472]: *** stack smashing detected ***: <unknown> terminated
Sep 02 10:48:26 server-f30.example.com ldapsearch[28512]: DIGEST-MD5 common mech free
Sep 02 10:48:26 server-f30.example.com systemd[1]: dirsrv: Main process exited, code=killed, status=6/ABRT
Sep 02 10:48:26 server-f30.example.com systemd[1]: dirsrv: Failed with result 'signal'.

Expected results:
No crash

Additional info:
Comment 2 thierry bordaz 2019-09-02 15:30:46 UTC 
Upstream ticket:
https://pagure.io/389-ds-base/issue/50581
Comment 3 thierry bordaz 2019-09-17 15:13:00 UTC 
Fix pushed upstream -> POST
Comment 5 Viktor Ashirov 2019-12-03 13:34:36 UTC 
===================================================================== test session starts =====================================================================
platform linux -- Python 3.6.8, pytest-5.3.1, py-1.8.0, pluggy-0.13.1 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-5.3.12-300.fc31.x86_64-x86_64-with-redhat-8.2-Ootpa', 'Packages': {'pytest': '5.3.1', 'py': '1.8.0', 'pluggy': '0.13.1'}, 'Plugins': {'html': '2.0.1', 'metadata': '1.8.0'}}
389-ds-base: 1.4.2.4-4.module+el8.2.0+4930+d4051b3a
nss: 3.44.0-8.el8
nspr: 4.21.0-2.el8_0
openldap: 2.4.46-10.el8
cyrus-sasl: not installed
FIPS: disabled
rootdir: /workspace/ds/dirsrvtests, inifile: pytest.ini
plugins: html-2.0.1, metadata-1.8.0
collected 1 item                                                                                                                                              

dirsrvtests/tests/suites/basic/basic_test.py::test_dscreate_longname PASSED                                                                             [100%]

=============================================================== 1 passed, 10 warnings in 22.33s ===============================================================

Marking as VERIFIED.
Comment 11 errata-xmlrpc 2020-04-28 16:01:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1703