RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1796558 - Memory leak in ACI using IP subject
Summary: Memory leak in ACI using IP subject
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.8
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: thierry bordaz
QA Contact: RHDS QE
Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks: 1788833 1803052 1862172
TreeView+ depends on / blocked
 
Reported: 2020-01-30 17:12 UTC by thierry bordaz
Modified: 2021-08-27 22:38 UTC (History)
7 users (show)

Fixed In Version: 389-ds-base-1.3.10.2-1.el7
Doc Type: Bug Fix
Doc Text:
.A memory leak has been fixed in Directory Server when using `ip` binding rules in an ACI with IPv6 The Access Control Instruction (ACI) context in Directory Server is attached to a connection and contains a structure for both the IPv4 and IPv6 protocol. Previously, when a client closed a connection, Directory Server removed the only IPv4 structure and the context. As a consequence, if an administrator configured an ACI with `ip` binding rule, Directory Server leaked memory of the IPv6 structure. With this update, the server frees both the IPv4 and IPv6 structures at the end of a connection. As a result, Directory Server no longer leaks memory in the mentioned scenario.
Clone Of:
: 1803052 1862172 (view as bug list)
Environment:
Last Closed: 2020-09-29 19:46:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 3911 0 None closed Memory leak in ACI using IP subject 2020-10-07 07:46:10 UTC
Red Hat Product Errata RHBA-2020:3894 0 None None None 2020-09-29 19:48:24 UTC

Description thierry bordaz 2020-01-30 17:12:47 UTC 
This bug is created as a clone of upstream ticket:
https://pagure.io/389-ds-base/issue/50857

#### Issue Description
The leak is detected with ASAN build running dirsrvtests/tests/suites/acl/keywords_*


#### Package Version and Platform
All versions


#### Steps to reproduce

1. install ASAN build 
2. run dirsrvtests/tests/suites/acl/keywords_*
3.

#### Actual results

    =================================================================
    ==13615==ERROR: LeakSanitizer: detected memory leaks
    
    Direct leak of 88 byte(s) in 1 object(s) allocated from:
        #0 0x7f53ae6ecb78 in __interceptor_malloc (/lib64/libasan.so.5+0xefb78)
        #1 0x7f539f36783e in INTsystem_malloc_perm (/usr/lib64/dirsrv/libns-dshttpd-1.4.2.4.so+0x5983e)
        #2 0x7f539f350563 in LASIpTreeAllocNode lib/libaccess/lasip.cpp:181
        #3 0x7f539f3520fb in LASIpAddPatternIPv6 lib/libaccess/lasip.cpp:649
        #4 0x7f539f3520fb in LASIpBuild lib/libaccess/lasip.cpp:335
        #5 0x7f539f3520fb in LASIpEval lib/libaccess/lasip.cpp:531
        #6 0x7f539f3556d5 in ACLEvalAce(NSErr_s*, ACLEvalHandle*, ACLExprHandle*, unsigned long*, PListStruct_s**, PListStruct_s*) lib/libaccess/oneeval.cpp:215
        #7 0x7f539f357400 in ACL_INTEvalTestRights lib/libaccess/oneeval.cpp:752
        #8 0x7f539f35852d in ACL_EvalTestRights (/usr/lib64/dirsrv/libns-dshttpd-1.4.2.4.so+0x4a52d)
        #9 0x7f539f5c7e81 in acl__TestRights ldap/servers/plugins/acl/acl.c:3289
        #10 0x7f539f5d14ce in acl_access_allowed (/usr/lib64/dirsrv/plugins/libacl-plugin.so+0x224ce)
        #11 0x7f539f6049bb in acl_access_allowed_main ldap/servers/plugins/acl/aclplugin.c:371
        #12 0x7f53ae24ffea in plugin_call_acl_plugin (/usr/lib64/dirsrv/libslapd.so.0+0x1c3fea)
        #13 0x7f53ae250d7d in slapi_access_allowed (/usr/lib64/dirsrv/libslapd.so.0+0x1c4d7d)
        #14 0x7f539f5d4859 in acl_check_mods (/usr/lib64/dirsrv/plugins/libacl-plugin.so+0x25859)
        #15 0x7f53ae250252 in plugin_call_acl_mods_access (/usr/lib64/dirsrv/libslapd.so.0+0x1c4252)
        #16 0x7f539bc01f0e in ldbm_back_modify ldap/servers/slapd/back-ldbm/ldbm_modify.c:616
        #17 0x7f53ae20aa53 in op_shared_modify ldap/servers/slapd/modify.c:1021
        #18 0x7f53ae20ea0b in do_modify (/usr/lib64/dirsrv/libslapd.so.0+0x182a0b)
        #19 0x56130fb60e3d in connection_dispatch_operation ldap/servers/slapd/connection.c:638
        #20 0x56130fb60e3d in connection_threadmain ldap/servers/slapd/connection.c:1767
        #21 0x7f53aba54567  (/lib64/libnspr4.so+0x2b567)  


#### Expected results
Should not leak
Comment 2 thierry bordaz 2020-02-03 09:54:36 UTC 
Fix pushed upstream (master, 1.4.2, 1.4.1, 1.4.0, 1.3.10) => POST
Comment 3 thierry bordaz 2020-02-07 10:26:36 UTC 
An other BZ/ticket also fixes another ACI/IP leak: https://bugzilla.redhat.com/show_bug.cgi?id=1769418 / https://pagure.io/389-ds-base/issue/50709
Comment 8 Viktor Ashirov 2020-03-20 13:01:28 UTC 
============================================================== test session starts ===============================================================
platform linux -- Python 3.6.8, pytest-5.4.1, py-1.8.1, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-3.10.0-1127.el7.x86_64-x86_64-with-redhat-7.8-Maipo', 'Packages': {'pytest': '5.4.1', 'py': '1.8.1', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.8.0', 'html': '2.1.1'}}
389-ds-base: 1.3.10.2-1.1asan.el7
nss: 3.44.0-7.el7_7
nspr: 4.21.0-1.el7
openldap: 2.4.44-21.el7_6
cyrus-sasl: 2.1.26-23.el7
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.8.0, html-2.1.1
collected 57 items

dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_access_from_certain_network_only_ip PASSED                                       [  1%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_connectin_from_an_unauthorized_network PASSED                                    [  3%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_ip_keyword_test_noip_cannot PASSED                                               [  5%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_user_can_access_the_data_at_any_time PASSED                                      [  7%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_user_can_access_the_data_only_in_the_morning PASSED                              [  8%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_user_can_access_the_data_only_in_the_afternoon PASSED                            [ 10%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_timeofday_keyword PASSED                                                         [ 12%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_dayofweek_keyword_test_everyday_can_access PASSED                                [ 14%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_dayofweek_keyword_today_can_access PASSED                                        [ 15%]
dirsrvtests/tests/suites/acl/keywords_part2_test.py::test_user_cannot_access_the_data_at_all PASSED                                        [ 17%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_binds_with_a_password_and_can_access_the_data PASSED                              [ 19%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_binds_with_a_bad_password_and_cannot_access_the_data PASSED                       [ 21%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_anonymous_user_cannot_access_the_data PASSED                                           [ 22%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_authenticated_but_has_no_rigth_on_the_data PASSED                                      [ 24%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_the_bind_client_is_accessing_the_directory PASSED                                      [ 26%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_users_binds_with_a_password_and_can_access_the_data PASSED                             [ 28%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_binds_without_any_password_and_cannot_access_the_data PASSED                      [ 29%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_can_access_the_data_when_connecting_from_any_machine PASSED                       [ 31%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_can_access_the_data_when_connecting_from_internal_ds_network_only PASSED          [ 33%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_can_access_the_data_when_connecting_from_some_network_only PASSED                 [ 35%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_from_an_unauthorized_network PASSED                                                    [ 36%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2 PASSED      [ 38%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_cannot_access_the_data_if_not_from_a_certain_domain PASSED                        [ 40%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_dnsalias_keyword_test_nodns_cannot PASSED                                              [ 42%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_can_access_from_ipv4_or_ipv6_address[127.0.0.1] PASSED                            [ 43%]
dirsrvtests/tests/suites/acl/keywords_test.py::test_user_can_access_from_ipv4_or_ipv6_address[[::1]] PASSED                                [ 45%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_success[6-5] PASSED                                              [ 47%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_success[5-5] PASSED                                              [ 49%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_success[5-25] PASSED                                             [ 50%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_limits_fail[50-200-cn=config,cn=ldbm database,cn=plugins,cn=config-nsslapd-idlistscanlimit-100-UNWILLING_TO_PERFORM] PASSED [ 52%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_limits_fail[5-15-cn=config-nsslapd-timelimit-20-UNAVAILABLE_CRITICAL_EXTENSION] PASSED [ 54%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_limits_fail[21-50-cn=config-nsslapd-sizelimit-20-SIZELIMIT_EXCEEDED] PASSED [ 56%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_limits_fail[21-50-cn=config-nsslapd-pagedsizelimit-5-SIZELIMIT_EXCEEDED] PASSED [ 57%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_limits_fail[5-50-cn=config,cn=ldbm database,cn=plugins,cn=config-nsslapd-lookthroughlimit-20-ADMINLIMIT_EXCEEDED] PASSED [ 59%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_sort_success PASSED                                              [ 61%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_abandon PASSED                                                   [ 63%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_with_timelimit PASSED                                            [ 64%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_dns_ip_aci[dns = "localhost.localdomain"] PASSED                 [ 66%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_dns_ip_aci[ip = "127.0.0.1"] PASSED                              [ 68%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_multiple_paging PASSED                                           [ 70%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_invalid_cookie[1000] PASSED                                      [ 71%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_invalid_cookie[-1] PASSED                                        [ 73%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_abandon_with_zero_size PASSED                                    [ 75%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_pagedsizelimit_success PASSED                                    [ 77%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_nspagedsizelimit[5-15-PASS] PASSED                               [ 78%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_nspagedsizelimit[15-5-SIZELIMIT_EXCEEDED] PASSED                 [ 80%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_paged_limits[conf_attr_values0-ADMINLIMIT_EXCEEDED] PASSED       [ 82%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_paged_limits[conf_attr_values1-PASS] PASSED                      [ 84%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_paged_user_limits[conf_attr_values0-ADMINLIMIT_EXCEEDED] PASSED  [ 85%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_search_paged_user_limits[conf_attr_values1-PASS] PASSED                 [ 87%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_ger_basic PASSED                                                        [ 89%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_multi_suffix_search PASSED                                              [ 91%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_maxsimplepaged_per_conn_success[None] PASSED                            [ 92%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_maxsimplepaged_per_conn_success[-1] PASSED                              [ 94%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_maxsimplepaged_per_conn_success[1000] PASSED                            [ 96%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_maxsimplepaged_per_conn_failure[0] PASSED                               [ 98%]
dirsrvtests/tests/suites/paged_results/paged_results_test.py::test_maxsimplepaged_per_conn_failure[1] PASSED                               [100%]

================================================== 57 passed, 13 warnings in 187.34s (0:03:07) ===================================================


Automated tests pass, no memory leak (described in this bugzilla) found.
Marking as VERIFIED.
Comment 16 errata-xmlrpc 2020-09-29 19:46:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds-base bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3894
Note You need to log in before you can comment on or make changes to this bug.