Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/47808 Thanks to Mark for finding out this problem. (Note: 1.2.11 does not have this bug.) {{{ Mark Reynolds wrote: > steps to reproduce: > > ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w $PW -a <<EOF > dn: cn=attribute uniqueness,cn=plugins,cn=config > changetype: modify > replace: nsslapd-pluginEnabled > nsslapd-pluginEnabled: on > - > replace: nsslapd-pluginarg0 > nsslapd-pluginarg0: sn > - > replace: nsslapd-pluginarg1 > nsslapd-pluginarg1: dc=example,dc=com > EOF > > 3. Add user: > ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w $PW -a <<EOF > dn: cn=tuser1,ou=people,dc=example,dc=com > objectclass: person > objectclass: top > sn: tuser1 > cn: tuser1 > EOF > > 4. Restart server > > 5. Add user with value 'sn' equal to value of sn of cn=tuser1: > ldapmodify -h $HOST -p $PORT -D "cn=directory manager" -w $PW -a <<EOF > dn: cn=tuser2,ou=people,dc=example,dc=com > objectclass: person > objectclass: top > sn: tuser1 > cn: tuser2 > > --> Add is rejected by the attr uniqueness plugin > > Crash! > > #0 0x00007f605b554c39 in __GI_raise (sig=sig@entry=6) > at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 > #1 0x00007f605b556348 in __GI_abort () at abort.c:89 > #2 0x00007f605b594d04 in __libc_message (do_abort=do_abort@entry=2, > fmt=fmt@entry=0x7f605b69b528 "*** Error in `%s': %s: 0x%s ***\n") > at ../sysdeps/posix/libc_fatal.c:175 > #3 0x00007f605b59bff8 in malloc_printerr (ptr=<optimized out>, > str=0x7f605b698cd7 "free(): invalid pointer", action=3) at malloc.c:4930 > #4 _int_free (av=0x7f605b8d7760 <main_arena>, p=<optimized out>, have_lock=0) > at malloc.c:3782 > #5 0x00007f605dd41302 in slapi_ch_free (ptr=0x7f6028001198) > at ../ds/ldap/servers/slapd/ch_malloc.c:363 > #6 0x00007f605dd4cc3d in slapi_sdn_done (sdn=0x7f6028001190) > at ../ds/ldap/servers/slapd/dn.c:2332 > #7 0x00007f605dd58be3 in slapi_entry_free (e=0x7f6028001190) > at ../ds/ldap/servers/slapd/entry.c:2044 > #8 0x00007f605dd3606d in op_shared_add (pb=0x7f60467fbb10) > at ../ds/ldap/servers/slapd/add.c:800 > #9 0x00007f605dd34d2e in do_add (pb=0x7f60467fbb10) > at ../ds/ldap/servers/slapd/add.c:258 > #10 0x0000000000416034 in connection_dispatch_operation (conn=0x7f605e167410, > op=0xb36330, pb=0x7f60467fbb10) at ../ds/ldap/servers/slapd/connection.c:645 > #11 0x0000000000418043 in connection_threadmain () > at ../ds/ldap/servers/slapd/connection.c:2534 > #12 0x00007f605c15be2b in _pt_root (arg=0x8acae0) > at ../../../nspr/pr/src/pthreads/ptthread.c:212 > #13 0x00007f605bafbf33 in start_thread (arg=0x7f60467fc700) at pthread_create.c:309 > #14 0x00007f605b613ded in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 > > > valgrind(also attached): > > ==14540== Invalid read of size 8 > ==14540== at 0x4EA581F: factory_destroy_extension (factory.c:367) > ==14540== by 0x4E9CBD6: slapi_entry_free (entry.c:2043) > ==14540== by 0x4E7A06C: op_shared_add (add.c:800) > ==14540== by 0x4E78D2D: do_add (add.c:258) > ==14540== by 0x416033: connection_dispatch_operation (connection.c:645) > ==14540== by 0x418042: connection_threadmain (connection.c:2534) > ==14540== by 0x6B2FE2A: _pt_root (ptthread.c:212) > ==14540== by 0x716EF32: start_thread (pthread_create.c:309) > ==14540== by 0x768EDEC: clone (clone.S:111) > ==14540== Address 0xeb85910 is 160 bytes inside a block of size 184 free'd > ==14540== at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==14540== by 0x4E85301: slapi_ch_free (ch_malloc.c:363) > ==14540== by 0x4E9CCA6: slapi_entry_free (entry.c:2057) > ==14540== by 0x10BE7225: backentry_free (backentry.c:57) > ==14540== by 0x10BE9801: entrycache_return (cache.c:1159) > ==14540== by 0x10BE96A7: cache_return (cache.c:1132) > ==14540== by 0x10C25E65: ldbm_back_add (ldbm_add.c:1268) > ==14540== by 0x4E79E09: op_shared_add (add.c:735) > ==14540== by 0x4E78D2D: do_add (add.c:258) > ==14540== by 0x416033: connection_dispatch_operation (connection.c:645) > ==14540== by 0x418042: connection_threadmain (connection.c:2534) > ==14540== by 0x6B2FE2A: _pt_root (ptthread.c:212) > ==14540== by 0x716EF32: start_thread (pthread_create.c:309) > ==14540== by 0x768EDEC: clone (clone.S:111) }}}
$ rpm -qa | grep 389 389-ds-base-1.3.3.1-9.el7.x86_64 389-ds-base-debuginfo-1.3.3.1-9.el7.x86_64 389-ds-base-libs-1.3.3.1-9.el7.x86_64 I went through verification steps mentioned in description. On last step add is rejected by the attr uniqueness plugin, but server didn't crash: $ ldapmodify -h localhost -p 389 -D 'cn=directory manager' -w Secret123 [snip] adding new entry "cn=tuser2,ou=people,dc=example,dc=com" ldap_add: Constraint violation (19) additional info: Another entry with the same attribute value already exists (attribute: "sn") $ pgrep ns-slapd 13263 Hence marking as VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html