Bug 204623
| Summary: | deleting attributes when changing password causes server crash | | |
|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Michal Vocu <tucnacek> |
| Component: | Directory Server | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Viktor Ashirov <vashirov> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | | |
| Version: | 1.0.2 | | |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-12-07 16:56:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 152373, 208654, 240316 | | |
Created attachment 135210
patch
Thanks! We would like to get this fix into the upcoming 1.0.3 version. However, in order to use your patch, we require either an Individual or Corporate Contributor License Agreement. Please see http://directory.fedora.redhat.com/wiki/Contributing for more information.
Have you submitted your CLA yet? This is required, otherwise we cannot accept your patch for inclusion in the product.
I did about an hour ago; hope it got through. Sorry, I did not mean to cause delays in schedule. Thanks!
> Sorry, I did not mean to cause delays in schedule.
No, no problem. I should have asked you to submit a CLA months ago when you
submitted the patch. I keep forgetting. We're all still getting used to this
open source development process.
Thanks again for the patch and keep them coming!
Created attachment 138386
new diffs for mod_values case
Looks like we have the same problem in the mod_values case (even though the
code says this should never be called, better to be safe than sorry).
Looks good!
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: From Michal: "The function mod2smod does not check for
mod->mod_bvalues being NULL and tries
to dereference it (modutil.c:370). This function happens to be called only by
slapi_mods_get_{first,next}_smod(), which are in turn called only by
check_trivial_words() in pw.c; this is why the crash appears only when checking
password syntax."
I added the same check for the mod_values case - even though the
code says this should never be called, better to be safe than sorry.
Platforms tested: RHEL4
Checking in modutil.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/modutil.c,v <-- modutil.c
new revision: 1.6; previous revision: 1.5
done
Created attachment 284721
perl script used to verify bug with
Used the previous script to make the change and delete.
Had the following output:
[root@legbreaker ~]# ./modldap.pl
modifing:
dn: uid=12,ou=People, o=my.com
mail: 12
uid: 12
givenName: 1
objectClass: top
sn: 2
cn: 1 2
userPassword: {SSHA}GXmHVv1cWhz/QUtxDlZyC5hUgNovYCClwaqHxw==
[root@legbreaker ~]# ./modldap.pl
modifing:
dn: uid=12,ou=People, o=my.com
uid: 12
givenName: 1
objectClass: top
sn: 2
cn: 1 2
userPassword: {SSHA}qMir6JcJ3Dk4djGefX7dXj3WABj2iiCeDCVS1w==
The email was removed and the password hash changed.
Bug verified against:
1197402236 redhat-ds-base-8.0.0-11.el5dsrv Tue Dec 11 2007
1197402244 redhat-ds-admin-8.0.0-1.15.el5dsrv Tue Dec 11 2007
1197402246 redhat-ds-console-8.0.0-8.el5dsrv Tue Dec 11 2007
1197402247 redhat-admin-console-8.0.0-9.el5dsrv Tue Dec 11 2007
Description of problem:
The server crashes when performing a single operation involving both password change and attribute deletion, if the password is subject to password policy syntax checking.
Version-Release number of selected component (if applicable):
1.0.2
How reproducible:
Always.
Steps to Reproduce:
1. create password policy with password syntax checking on
2. modify userPassword and delete another attribute using a single operation, like (in Perl):
    $ldap = new Net::LDAP(...);
    ...
    $ldap->modify("dn", changes => [ replace => [ mail => [], userPassword => "pw" ] ] );
Actual results:
Server crash.
Expected results:
Server performs the requested operation.
Additional info:
The function mod2smod does not check for mod->mod_bvalues being NULL and tries to dereference it (modutil.c:370). This function happens to be called only by slapi_mods_get_{first,next}_smod(), which are in turn called only by check_trivial_words() in pw.c; this is why the crash appears only when checking password syntax. The attached patch fixes that.
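The missing check described in this report, as an added C example that is not the 389 Directory Server code or the attached patch. It assumes simplified stand-in structures (ex_berval and ex_mod are hypothetical names, not the real LDAPMod) and shows a value walk that tolerates a modification whose value array is NULL.

```c
#include <stddef.h>
#include <string.h>
/* Simplified stand-ins for struct berval and LDAPMod (hypothetical names). */
struct ex_berval { size_t bv_len; const char *bv_val; };
struct ex_mod {
    int op;                      /* constructed code: 2 = replace */
    const char *type;            /* attribute name */
    struct ex_berval **bvalues;  /* NULL-terminated array, or NULL: no values */
};

/* Count one modification's values. A replace with no values has
 * bvalues == NULL, so test the pointer before indexing bvalues[0]. */
size_t ex_count_values(const struct ex_mod *mod)
{
    size_t n = 0;
    if (mod == NULL || mod->bvalues == NULL)
        return 0;
    while (mod->bvalues[n] != NULL)
        n++;
    return n;
}

/* Walk a NULL-terminated modification list, visiting every value of every
 * modification; return 1 if any value equals `word`, else 0. */
int ex_mods_contain_value(struct ex_mod **mods, const char *word)
{
    size_t wlen = strlen(word);
    for (size_t i = 0; mods != NULL && mods[i] != NULL; i++) {
        size_t n = ex_count_values(mods[i]);  /* 0 for the empty mail mod */
        for (size_t j = 0; j < n; j++) {
            const struct ex_berval *bv = mods[i]->bvalues[j];
            if (bv->bv_val != NULL && bv->bv_len == wlen &&
                memcmp(bv->bv_val, word, wlen) == 0)
                return 1;
        }
    }
    return 0;
}

/* Constructed input mirroring the report: mail has no values, password "pw". */
int ex_demo(void)
{
    struct ex_berval pw = { 2, "pw" };
    struct ex_berval *pw_vals[] = { &pw, NULL };
    struct ex_mod mail = { 2, "mail", NULL };
    struct ex_mod pass = { 2, "userPassword", pw_vals };
    struct ex_mod *mods[] = { &mail, &pass, NULL };
    return ex_mods_contain_value(mods, "pw");
}
int main(void) { return ex_demo() == 1 ? 0 : 1; }
```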