Bug 498432

Summary: deref_r can cause ns-slapd to crash
Product: [Fedora] Fedora
Component: slapi-nis
Version: 9
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Reporter: Rob Crittenden <rcritten>
Assignee: Nalin Dahyabhai <nalin>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: nalin
Fixed In Version: 0.15-1.fc9
Doc Type: Bug Fix
Last Closed: 2009-05-13 00:29:05 UTC
Attachments: The data (flags: none)

Description Rob Crittenden 2009-04-30 13:47:30 UTC
Created attachment 341924: The data

Description of problem:

This configuration entry can cause ns-slapd to crash:

schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-", ",", "%deref_r(\"memberUser\",\"member\")", "-"),%{nisDomainName:-})

#0  0x00110416 in __kernel_vsyscall ()
#1  0x00a3e660 in raise () from /lib/libc.so.6
#2  0x00a40028 in abort () from /lib/libc.so.6
#3  0x00a7b64d in __libc_message () from /lib/libc.so.6
#4  0x00a81874 in malloc_printerr () from /lib/libc.so.6
#5  0x00c0d5ed in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#6  0x00c1241e in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#7  0x00c10dbf in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#8  0x00c11b27 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#9  0x00c11d0b in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#10 0x00c0969c in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#11 0x00c0aa84 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#12 0x0017f2a6 in internal_srch_entry_callback (be=0xa135c28, conn=0x0, 
    op=0xa141d88, e=0xa1de038) at ldap/servers/slapd/plugin_internal_op.c:131
#13 0x0018b864 in send_ldap_search_entry_ext (pb=0xa141c28, e=0xa1de038, 
    ectrls=0x0, attrs=0x0, attrsonly=0, send_result=0, nentries=0, urls=0x0)
    at ldap/servers/slapd/result.c:1200
#14 0x0018c101 in send_ldap_search_entry (pb=0xa141c28, e=0xa1de038, 
    ectrls=0x0, attrs=0x0, attrsonly=0) at ldap/servers/slapd/result.c:805
#15 0x00174f8a in iterate (pb=0xa141c28, be=0xa135c28, send_result=1, 
    pnentries=0xae6a2b1c) at ldap/servers/slapd/opshared.c:1115
#16 0x00175b4e in op_shared_search (pb=0xa141c28, send_result=1)
    at ldap/servers/slapd/opshared.c:1309
#17 0x0017f815 in search_internal_callback_pb (pb=0xa141c28, 
    callback_data=<value optimized out>, prc=0, psec=0xc0aa60 <tsearch+11500>, 
    prec=0) at ldap/servers/slapd/plugin_internal_op.c:761
#18 0x00c0cf4f in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#19 0x00c09464 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#20 0x00c0b1f3 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#21 0x0017c0a1 in plugin_call_func (list=0xa12d7b8, operation=507, 
    pb=0xa1dd890, call_one=0) at ldap/servers/slapd/plugin.c:1369
#22 0x0017c2ae in plugin_call_plugins (pb=0xa1dd890, whichfunction=507)
    at ldap/servers/slapd/plugin.c:1331
#23 0x00134fdf in op_shared_add (pb=0xa1dd890) at ldap/servers/slapd/add.c:669
#24 0x00136695 in do_add (pb=0xa1dd890) at ldap/servers/slapd/add.c:225
#25 0x08058132 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:487
#26 0x00927f81 in ?? () from /lib/libnspr4.so
#27 0x00bd532f in start_thread () from /lib/libpthread.so.0
#28 0x00af220e in clone () from /lib/libc.so.6

Here is the entire entry:

dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: ng
schema-compat-container-group: cn=compat, dc=example, dc=com
schema-compat-container-rdn: cn=ng
schema-compat-check-access: yes
schema-compat-search-base: cn=ng,cn=alt,dc=example,dc=com
schema-compat-search-filter: !(cn=ng)
schema-compat-entry-rdn: cn=%{cn}
schema-compat-entry-attribute: objectclass=nisNetgroup
schema-compat-entry-attribute: memberNisNetgroup=%deref_r("member","cn")
schema-compat-entry-attribute: memberNisNetgroup=%referred_r("cn=ng","memberOf","cn")
schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-", ",", "%deref_r(\"memberUser\",\"uid\")", "-"),%{nisDomainName:-})
schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-", ",", "%deref_r(\"memberUser\",\"member\")", "-"),%{nisDomainName:-})

Version-Release number of selected component (if applicable):

slapi-nis-0.11-1.fc9.i386

Steps to Reproduce:
1. Add the config entry
2. ldapsearch -x -b "cn=ng,cn=compat,dc=example,dc=com"

Comment 1 Nalin Dahyabhai 2009-04-30 15:37:46 UTC
See, this is what happens when I'm in too much of a hurry to do a "make check".

Comment 2 Nalin Dahyabhai 2009-04-30 20:21:42 UTC
Okay, I think this is different from bug #497904, and is a bug in the %link implementation.  It should be fixed in 0.13.  (Thanks for the test data -- it made it much easier to spot the logic errors, and I've incorporated it into the test suite.)
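
A configuration audit for hosts that have not yet moved to a fixed slapi-nis build, added here as an example (it is not part of the bug report or of slapi-nis): it unfolds an LDIF dump and lists schema-compat-entry-attribute values in which %link takes a nested function call such as %deref_r as a quoted argument, the shape of the entry reported above. Treating that shape as the thing to look for is an assumption drawn from the report and from Comment 2; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: two attribute values from the entry in this report, the
# second folded the way LDIF exporters wrap long lines.
SAMPLE_LDIF = r'''dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
cn: ng
schema-compat-entry-attribute: memberNisNetgroup=%deref_r("member","cn")
schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-",
  ",", "%deref_r(\"memberUser\",\"member\")", "-"),%{nisDomainName:-})
'''

CALL = re.compile(r"%([a-z_]+)\(")  # "%name(" is a function call; "%{attr}" is not


def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)


def quoted_args(expr, start):
    """Return the unescaped double-quoted arguments of the call whose '(' is at start."""
    args, i, depth = [], start + 1, 1
    while i < len(expr) and depth:
        c = expr[i]
        if c == '"':
            j, buf = i + 1, []
            while j < len(expr) and expr[j] != '"':
                if expr[j] == "\\" and j + 1 < len(expr):
                    j += 1  # take the escaped character literally
                buf.append(expr[j])
                j += 1
            args.append("".join(buf))
            i = j
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        i += 1
    return args


def nested_link_calls(ldif):
    """List (attribute, [nested function names]) for each %link with nested calls."""
    findings = []
    for line in unfold(ldif).splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "schema-compat-entry-attribute":
            continue
        for m in CALL.finditer(value):
            if m.group(1) != "link":
                continue
            inner = [f for a in quoted_args(value, m.end() - 1) for f in CALL.findall(a)]
            if inner:
                findings.append((value.strip().split("=", 1)[0], inner))
    return findings
```

Run against a dump of cn=Schema Compatibility,cn=plugins,cn=config, a non-empty result marks entries to review before the server is exposed to searches on a build older than the fixed versions named in this report.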

Comment 3 Fedora Update System 2009-05-02 16:37:15 UTC
slapi-nis-0.13-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update slapi-nis'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-4169

Comment 4 Fedora Update System 2009-05-12 04:09:23 UTC
slapi-nis-0.15-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update slapi-nis'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-4169

Comment 5 Fedora Update System 2009-05-13 00:24:56 UTC
slapi-nis-0.15-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2009-05-13 00:25:49 UTC
slapi-nis-0.15-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2009-05-13 00:28:56 UTC
slapi-nis-0.15-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.