Bug 713340

Summary:	bash username completion crashes with ldap_result: Assertion `ld != ((void *)0)' failed.
Product:	Red Hat Enterprise Linux 5	Reporter:	John Newbigin <jn>
Component:	nss_ldap	Assignee:	Nalin Dahyabhai <nalin>
Status:	CLOSED DUPLICATE	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	5.6	CC:	jplans, prc
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-07-01 15:23:38 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description John Newbigin 2011-06-15 02:58:34 UTC

Description of problem:
When using bash username expansion ~j<tab>, if the ldap server drops the connectinon, bash will crash

Version-Release number of selected component (if applicable):
nss_ldap-253-37.el5.x86_64

How reproducible:
Every time

Steps to Reproduce:
0. Set up an ldap server with a short timeout (idletimeout 60)
1. Set up client which uses nss_ldap
2. Open bash window
3. start completion of a username by typing ~ and <tab>
4. Wait for the ldap server to timeout the connection
5. Press <tab> again
  
Actual results:
cd ~jbash: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld != ((void *)0)' failed.
Aborted (core dumped)


Expected results:
cd ~jnewbigin
[jnewbigin@server ~]$


Additional info:
Very simalar to #684889

Comment 1 John Newbigin 2011-06-15 02:59:33 UTC

Stack trace:

Core was generated by `bash -'.
Program terminated with signal 6, Aborted.
#0  0x0000003193030265 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003193030265 in raise () from /lib64/libc.so.6
#1  0x0000003193031d10 in abort () from /lib64/libc.so.6
#2  0x00000031930296e6 in __assert_fail () from /lib64/libc.so.6
#3  0x00002b2f574af335 in ?? () from /lib64/libnss_ldap.so.2
#4  0x00002b2f574a2645 in ?? () from /lib64/libnss_ldap.so.2
#5  0x00002b2f574a39cf in _nss_ldap_ent_context_release () from /lib64/libnss_ldap.so.2
#6  0x00002b2f574a4885 in _nss_ldap_endpwent () from /lib64/libnss_ldap.so.2
#7  0x00000031930e5249 in __nss_endent () from /lib64/libc.so.6
#8  0x000000319309946a in endpwent () from /lib64/libc.so.6
#9  0x0000000000473961 in rl_username_completion_function ()
#10 0x00000000004721da in rl_completion_matches ()
#11 0x000000000044ea49 in bash_default_completion ()
#12 0x000000000044f1bb in ?? ()
#13 0x0000000000472270 in ?? ()
#14 0x000000000047340f in rl_complete_internal ()
#15 0x000000000046cab7 in _rl_dispatch_subseq ()
#16 0x000000000046d137 in readline_internal_char ()
#17 0x000000000046d4e5 in readline ()
#18 0x00000000004213cf in ?? ()
#19 0x000000000041d685 in ?? ()
#20 0x000000000041e89e in ?? ()
#21 0x00000000004218dc in yyparse ()
#22 0x000000000041b507 in parse_command ()
#23 0x000000000041b5c6 in read_command ()
#24 0x000000000041b74e in reader_loop ()
#25 0x000000000041b2aa in main ()

Comment 2 Nalin Dahyabhai 2011-06-29 17:45:20 UTC

I agree that there's a good chance that this is a duplicate of bug #684889 (the part that corresponds to upstream's #350).  If so, it should be fixed by the version of the package in the 5.7 beta channel.  Have you had a chance to check if that version fixes this for you?

Comment 3 John Newbigin 2011-06-30 23:40:48 UTC

I have tested nss_ldap-253-42.el5.x86_64.rpm (from the beta channel) and it does indeed fix the problem.

Comment 4 Nalin Dahyabhai 2011-07-01 15:23:38 UTC

Great!  I'll mark this as a duplicate, then.

*** This bug has been marked as a duplicate of bug 684889 ***