Bug 453185 - Not easily reproduceable crash in password change
Summary: Not easily reproduceable crash in password change
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 1.0
Hardware: All
OS: Linux
Priority: high
Severity: medium
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 453489
Reported: 2008-06-27 18:40 UTC by Simo Sorce
Modified: 2015-01-04 23:33 UTC (History)

Fixed In Version: 1.1.0-3.fc8
Clone Of:
Environment:
Last Closed: 2008-07-17 14:14:37 UTC
Embargoed:


Attachments
Fix for segfault (1.56 KB, patch)
2008-06-27 18:42 UTC, Simo Sorce
corrected patch (1.56 KB, patch)
2008-06-27 18:54 UTC, Simo Sorce
also avoid memory leaks (1.70 KB, patch)
2008-06-27 20:01 UTC, Simo Sorce


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2008:0643 | 0 | normal | SHIPPED_LIVE | ipa bug fix update | 2008-08-04 18:20:50 UTC

Description Simo Sorce 2008-06-27 18:40:06 UTC
Description of problem:
Password change code in dirsrv crashes, tearing down the server.

Difficult to reproduce.

Comment 1 Simo Sorce 2008-06-27 18:41:10 UTC
Stack trace courtesy of Jan-Frode Myklebust

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x582df4b0 (LWP 6328)]
pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
280     if ( *val != PWD_HASH_PREFIX_START ||
(gdb) bt
#0  pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
#1  0x0ff250c0 in slapi_pw_find_sv (vals=0x108ba708, v=0x108ba7d8)
    at ldap/servers/slapd/pw.c:142
#2  0x0dd98594 in ?? () from /usr/lib/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0ff1edc4 in plugin_call_exop_plugins (pb=0x108b8538, oid=0x0)
    at ldap/servers/slapd/plugin.c:393
#4  0x100143fc in do_extended (pb=0x108b8538)
    at ldap/servers/slapd/extendop.c:300
#5  0x1000f348 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:562
#6  0x0f91ffc8 in _pt_root (arg=<value optimized out>)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x0fd46e3c in start_thread (arg=<value optimized out>)
    at pthread_create.c:299
#8  0x48106670 in clone () from /lib/libc.so.6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Comment 2 Simo Sorce 2008-06-27 18:42:35 UTC
Created attachment 310466
Fix for segfault

The first argument of slapi_pw_find_sv is an array, not a pointer to a pointer.
We must terminate the array or we can search through the memory until we reach
the end of a segment and segfault.
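
Added example, not part of the original report or of the attached patches: a self-contained C model of the calling-convention mistake described in comment 2. `value_t`, `find_value` and `check_single` are hypothetical stand-ins (not the real Slapi_Value or slapi_pw_find_sv), and all strings are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a directory value; not the real Slapi_Value. */
typedef struct { const char *data; } value_t;

/* Stand-in callee with the contract from comment 2: vals is an array of
 * pointers ended by a NULL entry. Returns 0 on match, 1 otherwise; *seen
 * receives the number of entries examined. */
static int find_value(value_t **vals, const value_t *v, size_t *seen) {
    size_t i = 0;
    int rc = 1;
    while (rc != 0 && vals[i] != NULL) {
        if (vals[i]->data != NULL && strcmp(vals[i]->data, v->data) == 0)
            rc = 0;
        i++;
    }
    *seen = i;
    return rc;
}

/* Fixed caller shape: wrap the single value in a NULL-terminated array. */
static int check_single(value_t *stored, const value_t *probe, size_t *seen) {
    value_t *vals[2] = { stored, NULL };
    return find_value(vals, probe, seen);
}

/* Buggy caller shape, modelled without undefined behaviour: slot 0 plays the
 * caller's lone pointer and slot 1 is whatever happens to sit after it. In
 * the real bug nothing guarantees the NULL in slot 2. All data constructed. */
static size_t entries_seen_unterminated(void) {
    value_t stored = { "{SSHA}constructed" }, neighbour = { "unrelated" };
    value_t probe = { "no-match" };
    value_t *memory[3] = { &stored, &neighbour, NULL };
    size_t seen = 0;
    find_value(&memory[0], &probe, &seen);
    return seen;
}

int main(void) {
    value_t stored = { "{SSHA}constructed" }, probe = { "no-match" };
    size_t seen = 0;
    int rc = check_single(&stored, &probe, &seen);
    printf("terminated: rc=%d, entries examined=%zu\n", rc, seen);
    printf("unterminated: entries examined=%zu\n", entries_seen_unterminated());
    return 0;
}
```

With the terminated array the callee examines exactly one entry; with the address of a lone pointer it keeps walking into adjacent memory until it happens to read a NULL.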

Comment 3 Simo Sorce 2008-06-27 18:54:28 UTC
Created attachment 310469
corrected patch

Comment 4 Simo Sorce 2008-06-27 20:01:09 UTC
Created attachment 310476
also avoid memory leaks

Comment 5 Fedora Update System 2008-06-29 17:57:58 UTC
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 6 Fedora Update System 2008-06-29 17:58:35 UTC
ipa-1.1.0-4.fc9 has been submitted as an update for Fedora 9

Comment 7 Fedora Update System 2008-07-01 05:28:49 UTC
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update ipa'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5896

Comment 8 Matt Flusche 2008-07-03 03:12:51 UTC
I've upgraded to 1.1.0-4 for fedora 9 (x86_64) and am still having ns-slapd
crash during password changes.

# rpm -q ipa-server
ipa-server-1.1.0-4.fc9.x86_64

# uname -a
Linux ruff.flusche.co 2.6.25.9-76.fc9.x86_64 #1 SMP Fri Jun 27 15:58:30 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41992950 (LWP 9201)]
0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
(gdb) bt
#0  0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
#1  0x00007f95ec9dc093 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#2  0x00007f95ec9dd778 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0000000000188f05 in plugin_call_exop_plugins (pb=0x1533f30, oid=0x150fc50
"1.3.6.1.4.1.4203.1.11.1")
    at ldap/servers/slapd/plugin.c:393
#4  0x000000000041698f in do_extended (pb=0x1533f30) at
ldap/servers/slapd/extendop.c:300
#5  0x0000000000412086 in connection_threadmain () at
ldap/servers/slapd/connection.c:562
#6  0x0000003ee8e29aa3 in _pt_root (arg=<value optimized out>) at
../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x000000393080729a in start_thread (arg=<value optimized out>) at
pthread_create.c:297
#8  0x000000392fce42cd in clone () from /lib64/libc.so.6



Comment 10 Fedora Update System 2008-07-15 19:52:41 UTC
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 11 Fedora Update System 2008-07-17 14:14:34 UTC
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2008-07-17 14:17:37 UTC
ipa-1.1.0-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
