Bug 679542

Summary: empty modify operation with repl on or lastmod off will crash server
Product: Red Hat Enterprise Linux 6 Reporter: Rich Megginson <rmeggins>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: high    
Version: 6.1CC: amsharma, benl, nkinder, security-response-team, shaines, vdanen
Target Milestone: rcKeywords: screened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.8-0.3.a3.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 675320 Environment:
Last Closed: 2011-05-19 08:42:00 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 675320    
Bug Blocks: 639035, 656390, 676876    

Comment 1 Rich Megginson 2011-02-23 21:35:40 EST
Vincent, can you remove the Security Sensitive Bug check?  It is preventing me from checking into CVS.
Comment 2 Vincent Danen 2011-02-24 11:11:00 EST
Seems that Huzaifa already did that, so you should be ok now.
Comment 5 Amita Sharma 2011-03-31 06:42:46 EDT
Hi, 

I am testing this bug to verify the fix.
I have 389, 1.2.8 and executed below steps :


1) You have to have a client capable of sending an empty modify request -
mozldap ldapmodify will not let you do this, but openldap ldapmodify will:

# /usr/bin/ldapmodify -x <<EOF
dn:

EOF

It will warn, but allow the modify through.

<Amita>
[root@amsharma reslimit]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd << EOF
dn:

EOF
modifying entry ""
</Amita>

2) You have to be using a server built with mozldap - servers built with
openldap will return an LDAP error when receiving an empty modify request

<Amita>
Sorry, I could not do this as mozldap is deprecated. 
</Amita>

3) Either the modify operation is replicated, or the server has set cn=config
nsslapd-lastmod: off

<Amita>
[root@amsharma reslimit]# ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd -b "cn=config" | grep nsslapd-lastmod
nsslapd-lastmod: on
[root@amsharma reslimit]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-lastmod
> nsslapd-lastmod: off
> EOF
modifying entry "cn=config"

[root@amsharma reslimit]# ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd -b "cn=config" | grep nsslapd-lastmod
nsslapd-lastmod: off
[root@amsharma reslimit]#
</Amita>

If these conditions are met, the empty modify operation will crash the server.

<Amita>
Server was up and running, no crash found.
I am putting this bug as VERIFIED, please revert in case of any more actions required.
</Amita>
Comment 6 errata-xmlrpc 2011-05-19 08:42:00 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0533.html