Bug 453185 – Not easily reproduceable crash in password change

Bug 453185 - Not easily reproduceable crash in password change

Summary:	Not easily reproduceable crash in password change

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	freeIPA
Classification:	Community
Component:	ipa-server (Show other bugs)
Sub Component:
Version:	1.0
Hardware:	All Linux

Priority	high Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Simo Sorce
QA Contact:	Chandrasekar Kannan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	453489
	Show dependency tree / graph

Reported:	2008-06-27 14:40 EDT by Simo Sorce
Modified:	2015-01-04 18:33 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:	1.1.0-3.fc8
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-07-17 10:14:37 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Fix for segfault (1.56 KB, patch) 2008-06-27 14:42 EDT, Simo Sorce	no flags	Details \| Diff
corrected patch (1.56 KB, patch) 2008-06-27 14:54 EDT, Simo Sorce	no flags	Details \| Diff
also avoid memory leaks (1.70 KB, patch) 2008-06-27 16:01 EDT, Simo Sorce	no flags	Details \| Diff
Show Obsolete (2) Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Simo Sorce 2008-06-27 14:40:06 EDT

Description of problem:
Password change code in dirsrv crash tearing down the server.

Difficult to reproduce.

Comment 1 Simo Sorce 2008-06-27 14:41:10 EDT

Stack trace courtesy of Jan-Frode Myklebust

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x582df4b0 (LWP 6328)]
pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
280     if ( *val != PWD_HASH_PREFIX_START ||
(gdb) bt
#0  pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
#1  0x0ff250c0 in slapi_pw_find_sv (vals=0x108ba708, v=0x108ba7d8)
    at ldap/servers/slapd/pw.c:142
#2  0x0dd98594 in ?? () from /usr/lib/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0ff1edc4 in plugin_call_exop_plugins (pb=0x108b8538, oid=0x0)
    at ldap/servers/slapd/plugin.c:393
#4  0x100143fc in do_extended (pb=0x108b8538)
    at ldap/servers/slapd/extendop.c:300
#5  0x1000f348 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:562
#6  0x0f91ffc8 in _pt_root (arg=<value optimized out>)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x0fd46e3c in start_thread (arg=<value optimized out>)
    at pthread_create.c:299
#8  0x48106670 in clone () from /lib/libc.so.6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Comment 2 Simo Sorce 2008-06-27 14:42:35 EDT

Created attachment 310466 [details]
Fix for segfault

The first argument of slapi_pw_find_sv is an array not a pointer to a pointer.
We must terminate the array or we can search through the memory unitl we reach
the end of a segment and segfault.

Comment 3 Simo Sorce 2008-06-27 14:54:28 EDT

Created attachment 310469 [details]
corrected patch

Comment 4 Simo Sorce 2008-06-27 16:01:09 EDT

Created attachment 310476 [details]
also avoid memory leaks

Comment 5 Fedora Update System 2008-06-29 13:57:58 EDT

ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 6 Fedora Update System 2008-06-29 13:58:35 EDT

ipa-1.1.0-4.fc9 has been submitted as an update for Fedora 9

Comment 7 Fedora Update System 2008-07-01 01:28:49 EDT

ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ipa'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5896

Comment 8 Matt Flusche 2008-07-02 23:12:51 EDT

I've upgraded to 1.1.0-4 for fedora 9 (x86_64) and am still having ns-slapd
crash during password changes.

# rpm -q ipa-server
ipa-server-1.1.0-4.fc9.x86_64

# uname -a
Linux ruff.flusche.co 2.6.25.9-76.fc9.x86_64 #1 SMP Fri Jun 27 15:58:30 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41992950 (LWP 9201)]
0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
(gdb) bt
#0  0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
#1  0x00007f95ec9dc093 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#2  0x00007f95ec9dd778 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0000000000188f05 in plugin_call_exop_plugins (pb=0x1533f30, oid=0x150fc50
"1.3.6.1.4.1.4203.1.11.1")
    at ldap/servers/slapd/plugin.c:393
#4  0x000000000041698f in do_extended (pb=0x1533f30) at
ldap/servers/slapd/extendop.c:300
#5  0x0000000000412086 in connection_threadmain () at
ldap/servers/slapd/connection.c:562
#6  0x0000003ee8e29aa3 in _pt_root (arg=<value optimized out>) at
../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x000000393080729a in start_thread (arg=<value optimized out>) at
pthread_create.c:297
#8  0x000000392fce42cd in clone () from /lib64/libc.so.6

Comment 10 Fedora Update System 2008-07-15 15:52:41 EDT

ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 11 Fedora Update System 2008-07-17 10:14:34 EDT

ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2008-07-17 10:17:37 EDT

ipa-1.1.0-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.