Bug 453185 - Not easily reproducible crash in password change
Status: CLOSED CURRENTRELEASE
Product: freeIPA
Classification: Community
Component: ipa-server
Version: 1.0
Hardware: All Linux
Priority: high, Severity: medium
Assigned To: Simo Sorce
QA Contact: Chandrasekar Kannan
Blocks: 453489
Reported: 2008-06-27 14:40 EDT by Simo Sorce
Modified: 2015-01-04 18:33 EST (History)
Fixed In Version: 1.1.0-3.fc8
Doc Type: Bug Fix
Last Closed: 2008-07-17 10:14:37 EDT


Attachments
Fix for segfault (1.56 KB, patch), 2008-06-27 14:42 EDT, Simo Sorce
corrected patch (1.56 KB, patch), 2008-06-27 14:54 EDT, Simo Sorce
also avoid memory leaks (1.70 KB, patch), 2008-06-27 16:01 EDT, Simo Sorce

Description Simo Sorce 2008-06-27 14:40:06 EDT
Description of problem:
Password change code in dirsrv crashes, tearing down the server.

Difficult to reproduce.
Comment 1 Simo Sorce 2008-06-27 14:41:10 EDT
Stack trace courtesy of Jan-Frode Myklebust

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x582df4b0 (LWP 6328)]
pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
280     if ( *val != PWD_HASH_PREFIX_START ||
(gdb) bt
#0  pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
#1  0x0ff250c0 in slapi_pw_find_sv (vals=0x108ba708, v=0x108ba7d8)
    at ldap/servers/slapd/pw.c:142
#2  0x0dd98594 in ?? () from /usr/lib/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0ff1edc4 in plugin_call_exop_plugins (pb=0x108b8538, oid=0x0)
    at ldap/servers/slapd/plugin.c:393
#4  0x100143fc in do_extended (pb=0x108b8538)
    at ldap/servers/slapd/extendop.c:300
#5  0x1000f348 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:562
#6  0x0f91ffc8 in _pt_root (arg=<value optimized out>)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x0fd46e3c in start_thread (arg=<value optimized out>)
    at pthread_create.c:299
#8  0x48106670 in clone () from /lib/libc.so.6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Comment 2 Simo Sorce 2008-06-27 14:42:35 EDT
Created attachment 310466
Fix for segfault

The first argument of slapi_pw_find_sv is an array, not a pointer to a pointer.
We must terminate the array or we can search through the memory until we reach
the end of a segment and segfault.
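
The array contract described in Comment 2, as an added example that is not part of the original bug report and not the 389 Directory Server or freeIPA code. `struct value`, `find_value`, `check_single` and `demo` are hypothetical stand-ins for the real types and calls, and the sample strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a server value type; not the real Slapi_Value. */
struct value { const char *data; };

/* Callee with the contract described in Comment 2: vals is an ARRAY of
 * pointers whose last entry is NULL. Returns the index of the first
 * entry equal to needle, or -1 if none matches. */
static int find_value(struct value **vals, const char *needle)
{
    if (vals == NULL || needle == NULL)
        return -1;
    for (size_t i = 0; vals[i] != NULL; i++) {
        /* Skip entries with no data instead of dereferencing them. */
        if (vals[i]->data != NULL && strcmp(vals[i]->data, needle) == 0)
            return (int)i;
    }
    return -1;
}

/* Broken caller shape (kept as a comment: it is undefined behaviour):
 *     struct value *one = ...;
 *     find_value(&one, needle);
 * &one is a one-element "array" with no NULL after it, so the loop keeps
 * reading whatever lies past it until it meets a zero word or a fault. */

/* Fixed caller shape: wrap the single value in a terminated array. */
static int check_single(struct value *one, const char *needle)
{
    struct value *vals[2] = { one, NULL };
    return find_value(vals, needle);
}

/* Constructed sample input: compare one stored string against a candidate. */
static int demo(const char *stored, const char *candidate)
{
    struct value v = { stored };
    return check_single(&v, candidate);
}

int main(void)
{
    printf("%d %d\n", demo("{SSHA}constructed", "{SSHA}constructed"),
           demo("{SSHA}constructed", "other"));
    return 0;
}
```

The NULL-data check in the callee only avoids one symptom; the caller must still supply the terminator, because nothing inside the loop can tell where an unterminated array ends.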
Comment 3 Simo Sorce 2008-06-27 14:54:28 EDT
Created attachment 310469
corrected patch
Comment 4 Simo Sorce 2008-06-27 16:01:09 EDT
Created attachment 310476
also avoid memory leaks
Comment 5 Fedora Update System 2008-06-29 13:57:58 EDT
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8
Comment 6 Fedora Update System 2008-06-29 13:58:35 EDT
ipa-1.1.0-4.fc9 has been submitted as an update for Fedora 9
Comment 7 Fedora Update System 2008-07-01 01:28:49 EDT
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ipa'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5896
Comment 8 Matt Flusche 2008-07-02 23:12:51 EDT
I've upgraded to 1.1.0-4 for fedora 9 (x86_64) and am still having ns-slapd
crash during password changes.

# rpm -q ipa-server
ipa-server-1.1.0-4.fc9.x86_64

# uname -a
Linux ruff.flusche.co 2.6.25.9-76.fc9.x86_64 #1 SMP Fri Jun 27 15:58:30 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41992950 (LWP 9201)]
0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
(gdb) bt
#0  0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
#1  0x00007f95ec9dc093 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#2  0x00007f95ec9dd778 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0000000000188f05 in plugin_call_exop_plugins (pb=0x1533f30, oid=0x150fc50
"1.3.6.1.4.1.4203.1.11.1")
    at ldap/servers/slapd/plugin.c:393
#4  0x000000000041698f in do_extended (pb=0x1533f30) at
ldap/servers/slapd/extendop.c:300
#5  0x0000000000412086 in connection_threadmain () at
ldap/servers/slapd/connection.c:562
#6  0x0000003ee8e29aa3 in _pt_root (arg=<value optimized out>) at
../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x000000393080729a in start_thread (arg=<value optimized out>) at
pthread_create.c:297
#8  0x000000392fce42cd in clone () from /lib64/libc.so.6

Comment 10 Fedora Update System 2008-07-15 15:52:41 EDT
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8
Comment 11 Fedora Update System 2008-07-17 10:14:34 EDT
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2008-07-17 10:17:37 EDT
ipa-1.1.0-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
