Red Hat Bugzilla – Bug 239754
Samba4 test can crash FDS
Last modified: 2015-01-04 18:26:48 EST
Description of problem: Invalid LDIF (such as in the patch for samba4 below) Version-Release number of selected component (if applicable): current cvs How reproducible: Every time Steps to Reproduce: 1. Download and build Samba4 2. apply this patch 3. FEDORA_DS_PREFIX=/opt/fedora-ds TEST_LDAP=yes make test Actual results: FDS will fail to start, having segfaulted on the invalid input Expected results: FDS will fail to start, objecting to the invalid input Additional info: The failure is in the loading of the databases for the sub-suffixes. If configured in the kernel, a core file will be left, which reveals this backtrace: #0 ldbm_instance_find_by_name (li=0x996e5f0, name=0x0) at ./ldap/servers/slapd/intrinsics.h:97 97 if ( ((l = (unsigned char)(*(src++))) >= 'A') && (l <= 'Z') ) (gdb) bt full #0 ldbm_instance_find_by_name (li=0x996e5f0, name=0x0) at ./ldap/servers/slapd/intrinsics.h:97 inst_obj = (Object *) 0x99843d8 inst = (ldbm_instance *) 0x99bbbd8 #1 0x4056c719 in ldbm_instance_add_instance_entry_callback (pb=0x0, entryBefore=0x99c7558, entryAfter=0x0, returncode=0x0, returntext=0x0, arg=0x996e5f0) at ldap/servers/slapd/back-ldbm/ldbm_instance_config.c:824 instance_name = 0x0 inst = <value optimized out> li = <value optimized out> rc = <value optimized out> #2 0x40565cef in ldbm_config_read_instance_entries (li=0x996e5f0, backend_type=0x996fc98 "ldbm database") at ldap/servers/slapd/back-ldbm/ldbm_config.c:1260 tmp_pb = (Slapi_PBlock *) 0x99ba9f0 basedn = "cn=ldbm database, cn=plugins, cn=config\000Q�R", '\0' <repeats 33 times>, "0\000\000\000\000\000\000\000��^\000Q�R", '\0' <repeats 29 times>, "Q�R\000\030\000\000\000\000\000\000\000��^\000\001\000\000\000�C\230\t\000\000\000\a�_a\000�C\230\t\020\000\000\000�\206��^\000 qa\000N�R\000\000\000\000\000\030\000\000\000\001\000\000\000�\236\233\t\000\000\000\003�_a\000\220\236\233\tN�R\000\000\000\000\000\021\000\000\000\001\000\000\000(�\233\t�C\230\003�_a\000Q�R\000 �\233\t \207"... entries = (Slapi_Entry **) 0x99bc500 ---Type <return> to continue, or q <return> to quit--- #3 0x40566cf5 in ldbm_config_load_dse_info (li=0x996e5f0) at ldap/servers/slapd/back-ldbm/ldbm_config.c:1320 search_pb = <value optimized out> entries = (Slapi_Entry **) 0x991e880 res = 0 dn = "cn=config, cn=ldbm database, cn=plugins, cn=config\000\200n�j��d��\025�~I@��F\037\211B�\030��y\231\236w���P�\031\005\"\000\000\000Pqa\000(�/�\027\005�\231\233\t \000\000\0000qa\000\026\000S\000 qa\000!\000\000\000 �\233\t�\231\233\t�_a\000 \000\000\0003%\n@\b�\005�R\000 \000\000\000h�\027\005P�\031\005\0012b\0003%\n@(�h�\027\005\0012b\000Zb�t\000\216=@P�\031\005"... #4 0x4057c7f8 in ldbm_back_start (pb=0x99c2be0) at ldap/servers/slapd/back-ldbm/start.c:66 li = (struct ldbminfo *) 0x996e5f0 home_dir = <value optimized out> action = <value optimized out> retval = <value optimized out> initialized = 0
Created attachment 154508 [details] Samba4 patch which breaks FDS in selftest
I should also note that attempting to introduce this error after the server had started for the first time would result in an error, not a crash. The server is not started in the inf file, with 'start_server= 0', so I wonder if the very first load is presumed to be 'safe', having been generated by the ds_newinst tool.
Andrew, have you tried to reproduce this problem with the latest Fedora DS 1.1? The way setup works now is quite different.
A simple application of that patch to current SVN of Samba4 and current Fedora DS doesn't crash. I could retry with the older code, but we don't have ds_newinst any more. Let's call this one fixed...