Bug 453185

Summary: Not easily reproducible crash in password change
Product: [Retired] freeIPA
Component: ipa-server
Version: 1.0
Reporter: Simo Sorce <ssorce>
Assignee: Simo Sorce <ssorce>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Hardware: All
OS: Linux
Fixed In Version: 1.1.0-3.fc8
Doc Type: Bug Fix
Last Closed: 2008-07-17 14:14:37 UTC
Bug Blocks: 453489
Attachments (description, flags):
Fix for segfault, none
corrected patch, none
also avoid memory leaks, none

Description Simo Sorce 2008-06-27 18:40:06 UTC
Description of problem:
Password change code in dirsrv crashes, tearing down the server.

Difficult to reproduce.

Comment 1 Simo Sorce 2008-06-27 18:41:10 UTC
Stack trace courtesy of Jan-Frode Myklebust

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x582df4b0 (LWP 6328)]
pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
280     if ( *val != PWD_HASH_PREFIX_START ||
(gdb) bt
#0  pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
#1  0x0ff250c0 in slapi_pw_find_sv (vals=0x108ba708, v=0x108ba7d8)
    at ldap/servers/slapd/pw.c:142
#2  0x0dd98594 in ?? () from /usr/lib/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0ff1edc4 in plugin_call_exop_plugins (pb=0x108b8538, oid=0x0)
    at ldap/servers/slapd/plugin.c:393
#4  0x100143fc in do_extended (pb=0x108b8538)
    at ldap/servers/slapd/extendop.c:300
#5  0x1000f348 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:562
#6  0x0f91ffc8 in _pt_root (arg=<value optimized out>)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x0fd46e3c in start_thread (arg=<value optimized out>)
    at pthread_create.c:299
#8  0x48106670 in clone () from /lib/libc.so.6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Comment 2 Simo Sorce 2008-06-27 18:42:35 UTC
Created attachment 310466
Fix for segfault

The first argument of slapi_pw_find_sv is an array, not a pointer to a pointer.
We must terminate the array or we can search through the memory until we reach
the end of a segment and segfault.
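
The array contract described in the comment above, as an added example that is not part of the original bug report or of the freeIPA patch. `struct pw_value`, `find_value`, `check_single_value` and `make_value_array` are hypothetical stand-ins, not the real SLAPI types or calls.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a directory-server value; not the real Slapi_Value. */
struct pw_value { const char *text; };

/* Stand-in lookup with the contract the comment describes: `vals` is an array
 * of pointers whose end is marked by a NULL element. Returns 0 on a match,
 * 1 when nothing matches, -1 on bad arguments. */
int find_value(struct pw_value **vals, const struct pw_value *needle)
{
    if (vals == NULL || needle == NULL || needle->text == NULL)
        return -1;
    for (size_t i = 0; vals[i] != NULL; i++) {
        if (vals[i]->text != NULL && strcmp(vals[i]->text, needle->text) == 0)
            return 0;
    }
    return 1;
}

/* BROKEN caller pattern (shown only, never compiled): &single points at ONE
 * pointer, so vals[1] is whatever follows it in memory and the loop keeps
 * reading until it finds a zero word or touches an unmapped page.
 *
 *     struct pw_value *single = &stored;
 *     find_value(&single, &candidate);
 */

/* Correct caller for one value: a two-slot array, explicitly NULL-terminated. */
int check_single_value(struct pw_value *stored, const struct pw_value *candidate)
{
    struct pw_value *vals[2] = { stored, NULL };
    return find_value(vals, candidate);
}

/* Heap variant for n values: n + 1 slots, last one NULL. The caller frees it. */
struct pw_value **make_value_array(struct pw_value *items, size_t n)
{
    struct pw_value **vals = calloc(n + 1, sizeof *vals);
    if (vals == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        vals[i] = &items[i];
    vals[n] = NULL; /* the terminator the lookup depends on */
    return vals;
}
```
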

Comment 3 Simo Sorce 2008-06-27 18:54:28 UTC
Created attachment 310469
corrected patch

Comment 4 Simo Sorce 2008-06-27 20:01:09 UTC
Created attachment 310476
also avoid memory leaks

Comment 5 Fedora Update System 2008-06-29 17:57:58 UTC
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 6 Fedora Update System 2008-06-29 17:58:35 UTC
ipa-1.1.0-4.fc9 has been submitted as an update for Fedora 9

Comment 7 Fedora Update System 2008-07-01 05:28:49 UTC
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ipa'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5896

Comment 8 Matt Flusche 2008-07-03 03:12:51 UTC
I've upgraded to 1.1.0-4 for Fedora 9 (x86_64) and am still having ns-slapd
crash during password changes.

# rpm -q ipa-server
ipa-server-1.1.0-4.fc9.x86_64

# uname -a
Linux ruff.flusche.co 2.6.25.9-76.fc9.x86_64 #1 SMP Fri Jun 27 15:58:30 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41992950 (LWP 9201)]
0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
(gdb) bt
#0  0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
#1  0x00007f95ec9dc093 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#2  0x00007f95ec9dd778 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0000000000188f05 in plugin_call_exop_plugins (pb=0x1533f30, oid=0x150fc50 "1.3.6.1.4.1.4203.1.11.1")
    at ldap/servers/slapd/plugin.c:393
#4  0x000000000041698f in do_extended (pb=0x1533f30)
    at ldap/servers/slapd/extendop.c:300
#5  0x0000000000412086 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:562
#6  0x0000003ee8e29aa3 in _pt_root (arg=<value optimized out>)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x000000393080729a in start_thread (arg=<value optimized out>)
    at pthread_create.c:297
#8  0x000000392fce42cd in clone () from /lib64/libc.so.6



Comment 10 Fedora Update System 2008-07-15 19:52:41 UTC
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 11 Fedora Update System 2008-07-17 14:14:34 UTC
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2008-07-17 14:17:37 UTC
ipa-1.1.0-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.