Bug 1489694 - crash in send_ldap_result [rhel-7.4.z]
Summary: crash in send_ldap_result [rhel-7.4.z]
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.4
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
Marc Muehlfeld
Depends On: 1461437
TreeView+ depends on / blocked
Reported: 2017-09-08 07:22 UTC by Oneata Mircea Teodor
Modified: 2020-09-10 11:20 UTC (History)
6 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
When a Directory Server plug-in runs an internal search, it passes the base search parameter to the core server. Previously, Directory Server did not check if this parameter was valid. As a consequence, if the base search was set to NULL, the core server terminated unexpectedly. The code has been updated. As a result, Directory Server no longer terminates unexpectedly if a plug-in uses an invalid base search parameter.
Clone Of: 1461437
Last Closed: 2017-10-19 15:11:57 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2932 0 normal SHIPPED_LIVE 389-ds-base bug fix update 2017-10-19 18:48:58 UTC

Description Oneata Mircea Teodor 2017-09-08 07:22:14 UTC
This bug has been copied from bug #1461437 and has been proposed to be backported to 7.4 z-stream (EUS).

Comment 4 Viktor Ashirov 2017-10-04 17:17:58 UTC
Build tested:

[1] To verify I configured slapi-nis plugin: 
# ldapadd -D "cn=Directory Manager" -w Secret123
dn: cn=NIS Server,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: NIS Server
nsslapd-pluginPath: /usr/lib64/dirsrv/plugins/nisserver-plugin.so
nsslapd-pluginInitfunc: nis_plugin_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-pluginDescription: NIS Server Plugin
nsslapd-pluginVendor: redhat.com
nsslapd-pluginVersion: 0.56 (betxn support available and enabled by default)
nsslapd-pluginId: nis-plugin
nis-tcp-wrappers-name: ypserv
nsslapd-pluginarg0: 541

dn: nis-domain=example.com+nis-map=groups,cn=NIS Server,cn=plugins,cn=config
objectClass: extensibleObject
objectClass: top
nis-domain: example.com
nis-map: groups
nis-base: ou=Groups, dc=example, dc=com
nis-filter: (objectClass=groupOfNames)
nis-key-format: %{cn}
nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")

adding new entry "cn=NIS Server,cn=plugins,cn=config"

adding new entry "nis-domain=example.com+nis-map=groups,cn=NIS Server,cn=plugins,cn=config"

[2] Added test entries:

# ldapadd -D "cn=Directory Manager" -w Secret123
dn: cn=tuser,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: top
objectClass: person
cn: tuser
sn: tuser
uid: tuser
gidNumber: 2000
homeDirectory: /home/tuser
uidNumber: 2000

dn: cn=tgroup,ou=Groups,dc=example,dc=com
objectClass: groupofnames
objectClass: top
cn: tgroup
member: cn=tuser,ou=People,dc=example,dc=com

adding new entry "cn=tuser,ou=People,dc=example,dc=com"

adding new entry "cn=tgroup,ou=Groups,dc=example,dc=com"

[3] Removed empty member attribute without server crashing:

# ldapmodify -D "cn=Directory Manager" -w Secret123
dn: cn=tgroup,ou=Groups,dc=example,dc=com
changetype: modify
replace: member
member: cn=tuser,ou=People,dc=example,dc=com

modifying entry "cn=tgroup,ou=Groups,dc=example,dc=com"

Marking as VERIFIED.

Comment 6 errata-xmlrpc 2017-10-19 15:11:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.