| Summary: | ldapcmp crashes on large attribute diffs | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Martin Poole <mpoole> |
| Component: | mozldap | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED WONTFIX | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | 5.6 | CC: | benl, cww, dpal, jwest, kevinu, msolberg, plyons, rnelson, syeghiay |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 670906 | Environment: | |
| Last Closed: | 2011-07-07 16:58:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | | | |
| Bug Blocks: | 670906 | | |
| Attachments: | | | |

Created attachment 478890
print all diffs direct

The patch just attached is to modify the cmp_attr routine to simply print all differences directly to stdout rather than trying to construct buffers to be returned.

I think that there is only one way to determine which path to choose - ask the customer. Can GSS build the utility with the patch and give it to the customer and see whether the customer likes the result? If the result is sufficient for them we (dev) will accept the patch and do a hotfix build for them. If the patch is still not enough I suggest you (GSS) take a stab at a "proper" solution and go through the same cycle: giving it to the customer and then if the customer is satisfied we (dev) will accept it and provide a blessed build.

Created attachment 474307
large attribute object ldif

Description of problem:
ldapcmp crashes when comparing two attributes that require more than 1000 characters to print their values. It also crashes if the total differences in an object require more than 5000 characters to display.

Version-Release number of selected component (if applicable):
mozldap-tools-6.0.5-1.el5

How reproducible:
always

Steps to Reproduce:
- load attached cmpcrash.ldif into one server
- load slightly modified version (one char in description) into second server.
- ldapcmp -b cn=cmpcrash,dc=example,dc=com -h server1 -h server2

Actual results:

```
*** buffer overflow detected ***: /usr/lib/mozldap/ldapcmp terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x21f431]
/lib/libc.so.6[0x21e807]
/usr/lib/mozldap/ldapcmp[0x804aa23]
/usr/lib/mozldap/ldapcmp[0x804b209]
/lib/libc.so.6(__libc_start_main+0xdc)[0x14ee9c]
/usr/lib/mozldap/ldapcmp(__gxx_personality_v0+0xbd)[0x804a2c1]
Aborted
```

Expected results:

```
DN:cn=cmpcrash,dc=example,dc=com cn=cmpcrash,dc=example,dc=com
different: description
1: This is a very long attribute designed to crash the ldapcmproutine, and as long as I have at least 500 characters in this descriptionit will crash due to the use of a fixed size buffer of 1000 charactersin the cmp_attrs routine to display both attributes.There is also a problem if the total diffs between a pair of objects exceedsa total of 5000 characters due to a different fixed-size buffer.and the padding data which we tweak between servers.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
2: This is a very long attribute designed to crash the ldapcmproutine, and as long as I have at least 500 characters in this descriptionit will crash due to the use of a fixed size buffer of 1000 charactersin the cmp_attrs routine to display both attributes.There is also a problem if the total diffs between a pair of objects exceedsa total of 5000 characters due to a different fixed-size buffer.and the padding data which we tweak between servers. version b.
```

Additional info:
This is due to the use of fixed sized buffers in cmp_attrs()
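
The failure mode described in this report, shown as an added example that is not mozldap's code: a 1000-byte diff buffer filled with a bounded write that reports truncation, next to a heap buffer sized from the data. The function names, the `DIFF_FMT` layout and the filler values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DIFF_BUF_SIZE 1000  /* per-attribute buffer size named in the report */
#define DIFF_FMT "different: %s\n\t1: %s\n\t2: %s\n"  /* assumed output layout */

/* Bounded write into a fixed buffer: 0 if the whole diff fit, -1 if it was
 * truncated (buf is still NUL-terminated, nothing is written past len). */
int format_diff_bounded(char *buf, size_t len, const char *attr,
                        const char *v1, const char *v2)
{
    int n = snprintf(buf, len, DIFF_FMT, attr, v1, v2);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Heap buffer sized from the data; caller frees. NULL on failure. */
char *format_diff_alloc(const char *attr, const char *v1, const char *v2)
{
    int n = snprintf(NULL, 0, DIFF_FMT, attr, v1, v2);  /* measure first */
    char *out = n < 0 ? NULL : malloc((size_t)n + 1);
    if (out) snprintf(out, (size_t)n + 1, DIFF_FMT, attr, v1, v2);
    return out;
}

/* Constructed sample input: a value made of `len` filler characters. */
char *make_value(size_t len, char fill)
{
    char *v = calloc(len + 1, 1);
    if (v) memset(v, fill, len);
    return v;
}

int main(void)
{
    char buf[DIFF_BUF_SIZE];
    char *a = make_value(500, 'a'), *b = make_value(500, 'b');
    if (!a || !b) return 1;
    /* Two 500-character values need 1033 characters: too big for buf. */
    int rc = format_diff_bounded(buf, sizeof buf, "description", a, b);
    char *full = format_diff_alloc("description", a, b);
    printf("bounded rc=%d, heap diff length=%zu\n", rc, full ? strlen(full) : 0);
    free(a); free(b); free(full);
    return 0;
}
```

With this layout the fixed text takes 33 characters, so two values of 484 characters or more no longer fit in 1000 bytes, which matches the "at least 500 characters" threshold in the reporter's test data.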