Bug 601946

Summary: Slapd crashes during GER when ACI is missing a filter
Product: [Retired] 389
Component: Security - Access Control (GER)
Version: 1.2.6
Status: CLOSED DUPLICATE
Severity: high
Priority: high
Hardware: All
OS: All
Reporter: Endi Sukma Dewata <edewata>
Assignee: Rich Megginson <rmeggins>
QA Contact: Chandrasekar Kannan <ckannan>
CC: andrey.ivanov, benl, jgalipea, nhosoi
Doc Type: Bug Fix
Last Closed: 2010-09-14 19:03:13 UTC
Bug Blocks: 434915, 576869
Attachments: scripts.tar.gz

Description Endi Sukma Dewata 2010-06-08 22:03:26 UTC
Created attachment 422371
scripts.tar.gz

Slapd crashes during GER invocation when the LDAP URL for the bind rule in the ACI is missing a filter.

The following ACIs will crash slapd:

aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "GER";
  deny (search) (userdn="ldap:///dc=example,dc=com??sub"); )

aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "GER";
  deny (search) (userdn="ldap:///dc=example,dc=com??sub?"); )

The problem can be reproduced consistently on Solaris and RHEL.

To reproduce the problem, unpack the attached script and execute run.sh. It will execute the following operations:

1. Create slapd instance
2. Add entries
3. Configure ACI
4. Test GER 100 times

Slapd will crash in the first GER invocation. It will show the following message:

ldap_result: Can't contact LDAP server
FAIL: Error occured.
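The two URLs in the report differ in how the filter is absent: in the first the filter field is missing altogether, in the second it is present but empty. The following is an added example, not 389 Directory Server code and not part of the report; it does not reproduce the slapd code path, and `ldapurl_filter` is a hypothetical helper that handles only the host-less `ldap:///` form. It shows a splitter that tells the two cases apart and substitutes the RFC 4516 default filter, so later code never receives a NULL or empty filter:

```c
#include <stdio.h>
#include <string.h>

/* RFC 4516: an absent filter means "(objectClass=*)". */
#define DEFAULT_FILTER "(objectClass=*)"

enum filter_state { FILTER_PRESENT, FILTER_EMPTY, FILTER_MISSING, URL_INVALID };

/* Hypothetical helper: extract the filter from "ldap:///dn?attrs?scope?filter".
 * Unless it returns URL_INVALID, out holds a non-empty, NUL-terminated filter.
 * Percent-decoding is out of scope here. */
enum filter_state ldapurl_filter(const char *url, char *out, size_t outlen)
{
    static const char prefix[] = "ldap:///";
    const char *p;
    size_t len;
    int field;

    if (url == NULL || out == NULL || outlen <= strlen(DEFAULT_FILTER) ||
        strncmp(url, prefix, sizeof(prefix) - 1) != 0)
        return URL_INVALID;
    p = url + sizeof(prefix) - 1;
    /* Three '?' separators (after dn, attrs, scope) precede the filter. */
    for (field = 0; field < 3; field++) {
        p = strchr(p, '?');
        if (p == NULL) {            /* URL ends before the filter field */
            strcpy(out, DEFAULT_FILTER);
            return FILTER_MISSING;
        }
        p++;
    }
    len = strcspn(p, "?");          /* stop at the extensions separator */
    if (len == 0) {                 /* field present but empty */
        strcpy(out, DEFAULT_FILTER);
        return FILTER_EMPTY;
    }
    if (len >= outlen)
        return URL_INVALID;         /* does not fit: refuse, do not truncate */
    memcpy(out, p, len);
    out[len] = '\0';
    return FILTER_PRESENT;
}

int main(void)
{
    char f[64];                     /* the two bind-rule URLs from the report */
    printf("%d %s\n", ldapurl_filter("ldap:///dc=example,dc=com??sub", f, sizeof f), f);
    printf("%d %s\n", ldapurl_filter("ldap:///dc=example,dc=com??sub?", f, sizeof f), f);
    return 0;
}
```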

Comment 2 Noriko Hosoi 2010-09-14 18:43:51 UTC
I ran the attached script 5 times, but I could not reproduce the bug.  Most likely, the bug was a duplicate of this bug?

Bug 603942 - null deref in _ger_parse_control() for subjectdn

Comment 3 Noriko Hosoi 2010-09-14 19:03:13 UTC
Closing the bug for now.  Please reopen it if it's observed again.

*** This bug has been marked as a duplicate of bug 603942 ***