Bug 1092342 - nsslapd-ndn-cache-max-size accepts any invalid value.
Summary: nsslapd-ndn-cache-max-size accepts any invalid value.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: x86_64
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-04-29 06:25 UTC by Amita Sharma
Modified: 2015-03-05 09:34 UTC (History)
3 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:34:30 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Amita Sharma 2014-04-29 06:25:05 UTC
Description of problem:
nsslapd-ndn-cache-max-size accepts any invalid value.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-25.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. ldapmodify -h localhost -p 389 -D "cn=directory manager" -w ***** <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-ndn-cache-max-size
nsslapd-ndn-cache-max-size: ~
EOF

2. systemctl restart dirsrv@dhcp201-149


Actual results:
DS does not give any error and operation is successful.


Expected results:
Error is expected.

Comment 2 Noriko Hosoi 2014-04-29 17:04:59 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/47790

Comment 3 Noriko Hosoi 2014-04-29 17:16:03 UTC
https://fedorahosted.org/389/ticket/47790#comment:1
The input string "value" is converted to long integer by atol, which does not check the error, but returns 0 when the input is invalid. The set function then adjusts the size to the default size, and it returns SUCCESS. I think this is the right behaviour. Probably, we could log it in the error log, but I don't think we need to return an error there.

int
config_set_ndn_cache_max_size(const char *attrname, char *value, char *errorbuf, int apply )
{
    [...]
    size = atol(value);
    if(size < 0){
        size = 0; /* same as -1 */
    }

Comment 4 mreynolds 2014-07-15 19:58:09 UTC
Fixed upstream

Comment 6 Sankar Ramalingam 2015-01-13 18:44:48 UTC
Ldapmodify rejects the invalid value. Hence, marking the bug as verified.

[root@mgmt7 export]# ldapmodify -x -p 8739 -D "cn=Directory Manager" -w Secret123 -h localhost << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-ndn-cache-max-size
> nsslapd-ndn-cache-max-size: ~
> EOF
modifying entry "cn=config"
ldap_modify: Operations error (1)
	additional info: (nsslapd-ndn-cache-max-size) value (~) is invalid

Comment 8 errata-xmlrpc 2015-03-05 09:34:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html


Note You need to log in before you can comment on or make changes to this bug.