Red Hat Bugzilla – Bug 231507
rhds72 Modification of directory entries with VLV-indexed null-value attributes results in server crash
Last modified: 2016-05-06 10:41:04 EDT
Description of problem:
The crash happens when you have a modify containing an attribute with some
values followed by an attribute with no values, and the attributes are one of
the attributes sorted on by the VLV search. For example, when you create a
browsing index in the console, it creates a VLV index sorted first by cn, then
givenname, then o, then ou, then sn. So if the entry you are modifying, prior
to the modify request, has a value for cn, but none for givenname, the server
Created attachment 149634
Your fix looks good.
Created attachment 150065
cvs commit log
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: The value lowest_value is defined outside the loop that loops
through all the attributes in the vlv sort specification (e.g. usually
something like cn givenname o ou sn if defined by the console browsing index).
lowest_value is not reset for each loop iteration. So if it goes through the
loop one time for e.g. givenname, and givenname has values, lowest_value will
point to the lowest value of givenname until the key is created, then it is
freed. So the next loop iteration uses o, and if for example o does not have
any values, lowest_value will point to the already freed memory used by the
givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be
very large, which is the probable cause of the malloc out of memory errors seen
by the customer). The solution is to reset lowest_value to NULL before each
loop iteration (I did this by moving the declaration and initialization of
lowest_value inside the loop scope) and testing for lowest_value == NULL before
trying to use it.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Committed fix to HEAD.
Checking in vlv.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v <-- vlv.c
new revision: 1.13; previous revision: 1.12
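The loop-scoping fix described in the commit log above, as an added C example that is not part of the bug report and is not the vlv.c code. The names struct attr, find_attr, lowest_copy and build_key, and the '|' key separator, are hypothetical and only model the pattern: a per-attribute pointer that is reset to NULL on every iteration and tested before use.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for an entry attribute; not the type used in vlv.c. */
struct attr { const char *name; const char *values[4]; }; /* NULL-terminated */

static const struct attr *find_attr(const struct attr *e, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(e[i].name, name) == 0) return &e[i];
    return NULL;
}

/* Heap copy of the lowest value; caller guarantees at least one value. */
static char *lowest_copy(const struct attr *a) {
    const char *low = a->values[0];
    for (size_t j = 1; j < 4 && a->values[j]; j++)
        if (strcmp(a->values[j], low) < 0) low = a->values[j];
    char *copy = malloc(strlen(low) + 1);
    if (!copy) abort();
    strcpy(copy, low);
    return copy;
}

/* Build a '|'-separated key with one component per sort attribute. Returns the
 * number of attributes that contributed a value, or -1 if the key does not fit. */
int build_key(const struct attr *e, size_t n, const char *const *sort,
              size_t nsort, char *key, size_t cap) {
    int used = 0;
    size_t off = 0;
    if (cap == 0) return -1;
    key[0] = '\0';
    for (size_t i = 0; i < nsort; i++) {
        /* Pre-fix pattern: this pointer lived above the loop, so on an
         * iteration with no values it still held the address freed below. */
        char *lowest = NULL;                       /* reset every iteration */
        const struct attr *a = find_attr(e, n, sort[i]);
        if (a && a->values[0]) lowest = lowest_copy(a);
        size_t len = lowest ? strlen(lowest) : 0;  /* NULL test before use */
        if (off + len + 2 > cap) { free(lowest); return -1; }
        if (lowest) { memcpy(key + off, lowest, len); used++; }
        off += len;
        key[off++] = '|';
        key[off] = '\0';
        free(lowest);                              /* component is in the key */
    }
    return used;
}
```

Building the pre-fix variant of such a loop with AddressSanitizer (`-fsanitize=address`) reports the stale read as a heap-use-after-free on the first valueless attribute that follows one with values.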
DS7.2 is not a valid milestone anymore. Anything that's set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.