Bug 1483681 - Crash while binding to a server during replication online init
Summary: Crash while binding to a server during replication online init
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.4
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks: 1483865
TreeView+ depends on / blocked
 
Reported: 2017-08-21 17:26 UTC by mreynolds
Modified: 2020-09-13 22:02 UTC (History)
4 users (show)

Fixed In Version: 389-ds-base-1.3.7.5-4.el7
Doc Type: Bug Fix
Doc Text:
Directory Server now handles binds during an online initialization correctly During an online initialization from one Directory Server master to another, the master receiving the changes is temporarily set into a referral mode. While in this mode, the server only returns referrals. Previously, Directory Server incorrectly generated these bind referrals. As a consequence, the server could terminate unexpectedly in the mentioned scenario. With this update, the server correctly generates bind referrals. As a result, the server now correctly handles binds during an online initialization.
Clone Of:
: 1483865 (view as bug list)
Environment:
Last Closed: 2018-04-10 14:19:40 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 2415 0 None None None 2020-09-13 22:02:03 UTC
Red Hat Product Errata RHBA-2018:0811 0 None None None 2018-04-10 14:20:43 UTC

Description mreynolds 2017-08-21 17:26:00 UTC 
Description of problem:

Crash occurs when master A is initializing master B, and at that same time a user binds against master which can cause the server to crash.

Two faults were found in the handling of the mapping
tree of 389 directory server. The first fault was that the tree-free
check was not performed atomically and may cause an incorrect operations
error to be returned. The second was that during a total init the referral
would not lock the be, but the pw_verify code assumed a be was locked.
This caused a segfault.

Fix the freed check to use atomics. Fix the pw_verify
to assert be is NULL (which is correct, there is no backend).

Version-Release number of selected component (if applicable):

389-ds-base.1.3.6


How reproducible:

CI testcase: 

dirsrvtests/tests/suites/mapping_tree/referral_during_tot_init.py
Comment 2 mreynolds 2017-08-21 17:27:23 UTC 
Upstream ticket:

https://pagure.io/389-ds-base/issue/49356
Comment 5 Simon Pichugin 2017-11-13 14:29:18 UTC 
======================= test session starts =======================
platform linux -- Python 3.5.1, pytest-3.2.3, py-1.4.34, pluggy-0.4.0 -- /opt/rh/rh-python35/root/usr/bin/python3
cachedir: .cache
metadata: {'Packages': {'pluggy': '0.4.0', 'pytest': '3.2.3', 'py': '1.4.34'}, 'Plugins': {'metadata': '1.5.0', 'html': '1.16.0'}, 'Python': '3.5.1', 'Platform': 'Linux-3.10.0-768.el7.x86_64-x86_64-with-redhat-7.5-Maipo'}
389-ds-base: 1.3.7.5-9.el7
nss: 3.34.0-0.1.beta1.el7
nspr: 4.17.0-1.el7
openldap: 2.4.44-9.el7
svrcore: 4.1.3-2.el7

rootdir: /mnt/tests/rhds/tests/upstream/ds, inifile:
plugins: metadata-1.5.0, html-1.16.0
collected 1 item

dirsrvtests/tests/suites/mapping_tree/referral_during_tot_init.py::test_referral_during_tot PASSED

======================= 1 passed in 39.96 seconds =======================

Marking as VERIFIED.
Comment 12 errata-xmlrpc 2018-04-10 14:19:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0811
Note You need to log in before you can comment on or make changes to this bug.