Bug 1748016 - ns-slapd crashes during ldapi search
Summary: ns-slapd crashes during ldapi search
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: 389-ds-base
Version: 8.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: 8.2
Assignee: mreynolds
QA Contact: RHDS QE
Docs Contact: Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-09-02 13:29 UTC by Viktor Ashirov
Modified: 2020-09-13 22:22 UTC

Fixed In Version: 389-ds-base-1.4.2.4-1.module+el8.2.0+4699+cf2da360
Doc Type: Bug Fix
Doc Text:
.Directory Server instance names can now have up to 103 characters
When an LDAP client establishes a connection to Directory Server, the server stores information related to the client address in a local buffer. Previously, this buffer was too small to store an LDAPI path name longer than 46 characters, which happens, for example, when the name of the Directory Server instance is too long. As a consequence, the server terminated unexpectedly due to a buffer overflow. This update increases the buffer size to the maximum path name length that the Netscape Portable Runtime (NSPR) library supports. As a result, Directory Server no longer crashes in this scenario. Note that, due to this limitation in the NSPR library, an instance name can be at most 103 characters long.
Clone Of:
Environment:
Last Closed: 2020-04-28 16:01:22 UTC
Type: Bug
Target Upstream Version:


Links
System ID Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 3637 None None None 2020-09-13 22:22:58 UTC
Red Hat Product Errata RHBA-2020:1703 None None None 2020-04-28 16:01:43 UTC
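
The buffer-size problem described in the Doc Text, as an added example (not 389-ds-base code): a length-checked copy of a peer socket path that fails closed, run against a 46-byte buffer and a 104-byte buffer. The macro and function names are hypothetical, the sizes are the figures quoted in the Doc Text, and the /var/run/slapd-<instance>.socket layout is taken from the reproducer URL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes from the Doc Text; the macro and function names are hypothetical. */
#define OLD_ADDR_BUF   46   /* assumed size of the pre-fix buffer */
#define MAX_LDAPI_PATH 103  /* limit quoted in the Doc Text, applied to the path */

/* Copy a peer socket path into a caller-sized buffer. Fails closed:
 * returns -1 instead of truncating or writing past dst_len. */
int format_peer_checked(char *dst, size_t dst_len, const char *sock_path)
{
    size_t need = strlen(sock_path) + 1;   /* include the terminating NUL */
    if (dst == NULL || need > dst_len)
        return -1;
    memcpy(dst, sock_path, need);
    return 0;
}

/* Build /var/run/slapd-<instance>.socket (layout from the reproducer).
 * Returns the path length, or -1 if it does not fit in dst. */
int ldapi_path_for_instance(char *dst, size_t dst_len, const char *instance)
{
    int n = snprintf(dst, dst_len, "/var/run/slapd-%s.socket", instance);
    if (n < 0 || (size_t)n >= dst_len)
        return -1;   /* snprintf truncated: reject rather than use a cut path */
    return n;
}

int main(void)
{
    /* Instance name from the reproduction steps (35 characters). */
    const char *inst = "12345678901234567890123456789012345";
    char path[MAX_LDAPI_PATH + 1];
    char old_buf[OLD_ADDR_BUF], new_buf[MAX_LDAPI_PATH + 1];

    int len = ldapi_path_for_instance(path, sizeof path, inst);
    printf("socket path length: %d\n", len);
    printf("fits %d-byte buffer: %s\n", OLD_ADDR_BUF,
           format_peer_checked(old_buf, sizeof old_buf, path) == 0 ? "yes" : "no");
    printf("fits %d-byte buffer: %s\n", MAX_LDAPI_PATH + 1,
           format_peer_checked(new_buf, sizeof new_buf, path) == 0 ? "yes" : "no");
    return 0;
}
```

Rejecting an over-long instance name when the socket path is built keeps the limit in one place, rather than relying on every buffer that later holds the path.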

Description Viktor Ashirov 2019-09-02 13:29:26 UTC
Description of problem:
After bz1715675, ns-slapd crashes if the instance name is longer than 34 symbols and it is accessed over an ldapi socket.

Version-Release number of selected component (if applicable):
389-ds-base-1.4.1.3-5.module+el8.1.0+3776+ece1ae4c.x86_64

How reproducible:
always

Steps to Reproduce:
1. dscreate with instance name longer than 34 symbols, for example 12345678901234567890123456789012345
2. ldapsearch -D cn=directory\ manager -w password -H ldapi://%2fvar%2frun%2fslapd-12345678901234567890123456789012345.socket -b cn=config


Actual results:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)                                                                                                                                         


Sep 02 10:48:22 server-f30.example.com ns-slapd[28472]: [02/Sep/2019:10:48:22.202346892 +0000] - INFO - slapd_daemon - Listening on /var/run/slapd-12345678901234567890123456789012345.socket >
Sep 02 10:48:22 server-f30.example.com systemd[1]: Started 389 Directory Server 12345678901234567890123456789012345..
Sep 02 10:48:26 server-f30.example.com ns-slapd[28472]: *** stack smashing detected ***: <unknown> terminated
Sep 02 10:48:26 server-f30.example.com ldapsearch[28512]: DIGEST-MD5 common mech free
Sep 02 10:48:26 server-f30.example.com systemd[1]: dirsrv@12345678901234567890123456789012345.service: Main process exited, code=killed, status=6/ABRT
Sep 02 10:48:26 server-f30.example.com systemd[1]: dirsrv@12345678901234567890123456789012345.service: Failed with result 'signal'.

Expected results:
No crash

Additional info:

Comment 2 thierry bordaz 2019-09-02 15:30:46 UTC
Upstream ticket:
https://pagure.io/389-ds-base/issue/50581

Comment 3 thierry bordaz 2019-09-17 15:13:00 UTC
Fix pushed upstream -> POST

Comment 5 Viktor Ashirov 2019-12-03 13:34:36 UTC
===================================================================== test session starts =====================================================================
platform linux -- Python 3.6.8, pytest-5.3.1, py-1.8.0, pluggy-0.13.1 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-5.3.12-300.fc31.x86_64-x86_64-with-redhat-8.2-Ootpa', 'Packages': {'pytest': '5.3.1', 'py': '1.8.0', 'pluggy': '0.13.1'}, 'Plugins': {'html': '2.0.1', 'metadata': '1.8.0'}}
389-ds-base: 1.4.2.4-4.module+el8.2.0+4930+d4051b3a
nss: 3.44.0-8.el8
nspr: 4.21.0-2.el8_0
openldap: 2.4.46-10.el8
cyrus-sasl: not installed
FIPS: disabled
rootdir: /workspace/ds/dirsrvtests, inifile: pytest.ini
plugins: html-2.0.1, metadata-1.8.0
collected 1 item                                                                                                                                              

dirsrvtests/tests/suites/basic/basic_test.py::test_dscreate_longname PASSED                                                                             [100%]

=============================================================== 1 passed, 10 warnings in 22.33s ===============================================================

Marking as VERIFIED.

Comment 11 errata-xmlrpc 2020-04-28 16:01:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1703

