Bug 584109

Summary: Slapd crashes while parsing DNA configuration
Product: [Retired] 389 Reporter: Endi Sukma Dewata <edewata>
Component: Server - DNA Plug-inAssignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: high Docs Contact:
Priority: high    
Version: 1.2.6CC: jgalipea, nhosoi, nkinder, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 17:07:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 434914, 543590    
Attachments:
Description Flags
0001-Bug-584109-Slapd-crashes-while-parsing-DNA-configura.patch rmeggins: review+

Description Endi Sukma Dewata 2010-04-20 19:08:29 UTC 
In the dna_parse_config_entry() the shared_cfg_base will be freed twice: once by slapi_ch_free_string(&value) in that method and another by slapi_ch_free_string(&e->shared_cfg_base) in dna_free_config_entry(). This is causing slapd to crash.

This problem can be reproduced consistently by provisioning Samba with DS backend.
The provisioning tool generates certain DNA configuration that triggers this problem.
Comment 1 Endi Sukma Dewata 2010-04-20 19:27:20 UTC 
Created attachment 407908 [details]
0001-Bug-584109-Slapd-crashes-while-parsing-DNA-configura.patch

The dna_parse_config_entry() has been modified to duplicate the shared_cfg_base value to avoid freeing the same memory location twice.
Comment 2 Rich Megginson 2010-04-20 19:36:08 UTC 
To ssh://git.fedorahosted.org/git/389/ds.git
   b632c9f..341664f  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
commit 341664fad1fbb0b5bebb31496d862cb02df843dd
Author: Endi S. Dewata <edewata>
Date:   Sun Apr 18 04:29:41 2010 -0500
   acf2c6b..2889536  master -> master
commit 288953655c3af087c82007d630cf8fb6558e9a9e
Author: Endi S. Dewata <edewata>
Date:   Sun Apr 18 04:29:41 2010 -0500
Comment 3 Jenny Severance 2010-05-14 15:12:09 UTC 
Can you please add steps to reproduce with Directory Server only? Thanks
Comment 4 Endi Sukma Dewata 2010-05-14 17:20:13 UTC 
Based on the patch, the problem happens when dnaSharedCfgDn configuration is being processed. The following steps should reproduce the problem (if it still exists):

1. Create a DS instance with dc=example,dc=com suffix.
2. Add the following entries:

dn: ou=Ranges,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Ranges

dn: cn=User IDs,ou=Ranges,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: User IDs

3. Add the following DNA configuration as follows:

dn: cn=User IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: User IDs
dnaType: uid
dnaMagicRegen: 0
dnaFilter: (objectClass=inetOrgPerson)
dnaScope: dc=example,dc=com
dnaNextValue: 100
dnaSharedCfgDn: cn=User IDs,ou=Ranges,dc=example,dc=com
dnaPrefix: user

4. Enable DNA plugin with ldapmodify:

dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-

5. Restart the instance, the slapd would crash.
Comment 5 Jenny Severance 2010-05-14 19:57:09 UTC 
post check in of this fix .. all DNA automated tests passing - 8 different configurations using dnaSharedCfgDn.  Previous testing after regression introduced DNA tests were failing.

marking bug verified.