Bug 698921

Summary: ldapadd crashes on x86_64 with specific ldifs
Product: Red Hat Enterprise Linux 6
Component: openldap
Version: 6.1
Hardware: x86_64
OS: Unspecified
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Target Milestone: rc
Target Release: ---
Reporter: Ondrej Moriš <omoris>
Assignee: Jan Vcelak <jvcelak>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: jplans, jvcelak, ovasik, rvokal, tsmetana
Fixed In Version: openldap-2.4.23-16.el6
Doc Type: Bug Fix
Doc Text:
- pass LDIF input file to any openldap client tool (e.g. ldapadd) while the file is not terminated by newline character
- the client crashes with segmentation fault
- the unusual situation is now handled by the tools
- requested operation succeeds and the tool does not crash
Last Closed: 2011-12-06 12:12:27 UTC
Bug Blocks: 716858
Attachments (description, flags):
- Base data without a new line at the end, no crash. (flags: none)
- User and base data without a new line at the end, crash. (flags: none)
- Base data without a new line at the end, no crash. (flags: none)
- User data without a new line at the end, crash. (flags: none)

Description Ondrej Moriš 2011-04-22 09:49:38 UTC
Created attachment 494151 [details]
Base data without a new line at the end, no crash.

Description of a problem:

Client tool ldapadd crashed (or hung) with specific ldifs (attached dataB.ldif, dataA.ldif). It is caused by a missing new line at the end of these ldifs; if you add a new line at the end, ldapadd will not crash. The curious thing here is that ldapadd does not need a new line in an ldif file in general (attached base.ldif), but if it is missing in a certain ldif, it will cause a crash.

It is not hard to see that there is not

Version-Release number of selected component (if applicable):

openldap-2.4.19-15.el6_0.2
openldap-2.4.23-15.el6

How reproducible:

Always on x86_64, never on the other archs (i386, s390x, ppc64).

Steps to Reproduce:

1.  Start slapd service using attached slapd.conf.

2A. ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w x -f base.ldif
    ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w x -f dataB.ldif

2B. ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w x -f dataA.ldif

  
Actual results:

2A.

adding new entry "dc=my-domain, dc=com"

adding new entry "cn=B,dc=my-domain,dc=com"

*** glibc detected *** ldapadd: munmap_chunk(): invalid pointer: 0x00000000023a3018 ***
======= Backtrace: =========
/lib64/libc.so.6[0x36e0875716]
ldapadd[0x404364]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x36e081ec9d]
ldapadd[0x403759]
reproducer.sh: line 10: 26554 Aborted                 (core dumped) ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w

2B.

adding new entry "dc=my-domain, dc=com"

*** glibc detected *** ldapadd: malloc(): memory corruption: 0x00000000023cde60 ***
(hang)

Expected results:

No crashes, no hangs, users are added correctly.
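
The workaround mentioned in the description (adding a final newline) can be checked before a file reaches ldapadd on an unpatched client. The following shell script is an added example, not part of the bug report or of OpenLDAP; the function names and the sample LDIF contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): pre-flight check for LDIF files
# whose last byte is not a newline, the condition reported to crash ldapadd.

# ldif_ends_with_newline FILE
# 0 = empty or newline-terminated, 1 = last byte is not '\n', 2 = unreadable.
ldif_ends_with_newline() {
    [ -r "$1" ] || return 2
    [ -s "$1" ] || return 0
    # Hex-dump the last byte so NUL or binary data cannot confuse the shell.
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# ldif_terminated_copy SRC DST
# Copies SRC to DST, appending '\n' only when it is missing. SRC is untouched.
ldif_terminated_copy() {
    rc=0
    ldif_ends_with_newline "$1" || rc=$?
    case $rc in
        0) cat "$1" > "$2" ;;
        1) { cat "$1"; printf '\n'; } > "$2" ;;
        *) echo "cannot read: $1" >&2; return 2 ;;
    esac
}

# Constructed sample input: one terminated and one unterminated LDIF entry.
demo_dir=$(mktemp -d)
printf 'dn: dc=my-domain,dc=com\nobjectClass: dcObject\nobjectClass: organization\ndc: my-domain\no: example\n' > "$demo_dir/terminated.ldif"
printf 'dn: cn=B,dc=my-domain,dc=com\nobjectClass: person\ncn: B\nsn: B' > "$demo_dir/unterminated.ldif"

for f in "$demo_dir"/*.ldif; do
    if ldif_ends_with_newline "$f"; then
        echo "ok:           ${f##*/}"
    else
        echo "no final EOL: ${f##*/}"
        ldif_terminated_copy "$f" "$f.fixed"
    fi
done
```

The `.fixed` copy is what would be passed to `ldapadd -f`; the original file is left unchanged so it can still be attached to a report.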

Comment 1 Ondrej Moriš 2011-04-22 09:50:26 UTC
Created attachment 494152 [details]
User and base data without a new line at the end, crash.

Comment 2 Ondrej Moriš 2011-04-22 09:51:19 UTC
Created attachment 494153 [details]
Base data without a new line at the end, no crash.

Comment 3 Ondrej Moriš 2011-04-22 09:51:58 UTC
Created attachment 494154 [details]
User data without a new line at the end, crash.

Comment 9 Jan Vcelak 2011-07-18 15:54:51 UTC
Fix included in openldap-2.4.23-16.el6

Comment 11 Jan Vcelak 2011-08-15 09:05:59 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- pass LDIF input file to any openldap client tool (e.g. ldapadd) while the file is not terminated by newline character
- the client crashes with segmentation fault
- the unusual situation is now handled by the tools
- requested operation succeeds and the tool does not crash

Comment 13 errata-xmlrpc 2011-12-06 12:12:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1514.html