Bug 464620 - buggy nss_ldap seems to be statically linked to openldap
buggy nss_ldap seems to be statically linked to openldap
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: nss_ldap (Show other bugs)
9
All Linux
medium Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-29 14:34 EDT by Josh Lange
Modified: 2008-10-20 18:07 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-20 18:07:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Lange 2008-09-29 14:34:56 EDT
Description of problem:
The systems in my environment are currently not stable, due to some ldap bugs, which are occasionally crashing various services on our clients. I believe that I'm hitting this bug:
http://www.openldap.org/its/index.cgi/Incoming?id=5525;page=1;statetype=1

Which was fixed in openldap 2.4.10 . I noticed that the error for ber_flush2 is being reported in /usr/lib/libnss_ldap-259.so, which is provided by nss_ldap and NOT the openldap package. It appears all of these symbols are also in the nss library as well, when I strings the binary.

This would mean that nss_ldap is using an old version of openldap. It has not been updated.


After doing a backtrace on one of the services' core files (automount) I saw:
(gdb) bt full
#0  0x0012e416 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00185660 in raise () from /lib/libc.so.6
No symbol table info available.
#2  0x00187028 in abort () from /lib/libc.so.6
No symbol table info available.
#3  0x0017e57e in __assert_fail () from /lib/libc.so.6
No symbol table info available.
#4  0x004fb28a in ber_flush2 () from /usr/lib/libnss_ldap-259.so
No symbol table info available.
#5  0x004e1729 in ldap_int_flush_request () from /usr/lib/libnss_ldap-259.so
No symbol table info available.
#6  0x004e1b1f in ldap_send_server_request () from /usr/lib/libnss_ldap-259.so
No symbol table info available.
#7  0x004e1d02 in ldap_send_initial_request () from /usr/lib/libnss_ldap-259.so
No symbol table info available.
#8  0x004d5166 in ldap_search () from /usr/lib/libnss_ldap-259.so
No symbol table info available.
#9  0x004d52f8 in ldap_search_st () from /usr/lib/libnss_ldap-259.so
No symbol table info available.
#10 0x004c655b in do_search_s (base=0x50ea00 "dc=csc,dc=calpoly,dc=edu", scope=2, filter=0xb7d6884c "(&(objectClass=user)(uidNumber=2049992))", attrs=0x50f6e0, 
    sizelimit=1, res=0xb7d69094) at ldap-nss.c:2739
	rc = 0
	tv = {tv_sec = 120, tv_usec = 0}
	tvp = (struct timeval *) 0x6
#11 0x004c5798 in do_with_reconnect (base=0x50ea00 "dc=csc,dc=calpoly,dc=edu", scope=2, filter=0xb7d6884c "(&(objectClass=user)(uidNumber=2049992))", attrs=0x50f6e0, 
    sizelimit=1, private=0xb7d69094, search_func=0x4c64d0 <do_search_s>) at ldap-nss.c:2630
	tries = 0
	backoff = 0
	hard = 1
	start_uri = 0
	log = 1
	stat = NSS_STATUS_SUCCESS
	maxtries = 7
	__PRETTY_FUNCTION__ = "do_with_reconnect"
#12 0x004c62be in _nss_ldap_search_s (args=0xb7d690e0, filterprot=0x515ea0 "(&(objectClass=user)(uidNumber=%d))", sel=LM_PASSWD, user_attrs=0x0, sizelimit=1, 
    res=0xb7d69094) at ldap-nss.c:3154
	sdBase = "\210;0�@\021,\000\001\000\000\000\220�6�\004\237\034\000\220�6�pJ\000\000\230?5�\214\214ַF�\034\000@\021,\000\230?5�\004\237\034\000@\021,\000\004\000\000\000�\214ַ�\214ַ��+\000@\021,\000\210;0�X\2021�@\021,\000\002\000\000\000\210;0�\200;0�,�P\000\bF4�\bF4��\214ַ��+\000@\021,\000\bF4�\004\237\034\000F�\034\000@\021,\000\bF4�\000F4���+\000@\021,\000X\2021�\004\237\034\000@\021,\000\005\000\000\000\030�6�P\2021�\200\2304�\020\000\000\000\000\000\000\000H\2011�@\021,\000"...
	base = 0x50ea00 "dc=csc,dc=calpoly,dc=edu"
	filterBuf = "(&(objectClass=user)(uidNumber=2049992))\000jec\003\000\000\000����\000\000\000\000oup)\a\001P\000X\216ַX\216ַ*)))\000\000\000\000L{\023\000�O\024\000\200 ,\000\000\000\000\000\001\000\000\000\001\000\000\000\r\000\000\000p\021,\000p\021,\000\030;0��\210ַ$gL\000\r\000\000\000 �P\000\000\000\000\000\000\000\000\000�fL\000,�P\000�\210ַ��+\000\b(0��hO\000\030\211ַU�\034\000h\213ַ��O\000g\211ַ\230;0�\001\000\000\000��O\000"...
	dynamicFilterBuf = 0x0
	attrs = (const char **) 0x50f6e0
	filter = 0xb7d6884c "(&(objectClass=user)(uidNumber=2049992))"
	scope = 2
	stat = <value optimized out>
	sd = (ldap_service_search_descriptor_t *) 0x50ea20
#13 0x004c6a87 in _nss_ldap_getbyname (args=0xb7d690e0, result=0xb7d691f4, buffer=0xb8318450 "jetty", buflen=1024, errnop=0xb7d6ab58, 
    filterprot=0x515ea0 "(&(objectClass=user)(uidNumber=%d))", sel=LM_PASSWD, parser=0x4c6cd0 <_nss_ldap_parse_pw>) at ldap-nss.c:3501
	stat = <value optimized out>
	ctx = {ec_state = {ls_type = 0, ls_retry = 1878086, ls_info = {ls_key = 0x2c1140 "", ls_index = 2888000}}, ec_msgid = -1, ec_res = 0x0, ec_sd = 0xb7d69128, 
  ec_cookie = 0x0}
#14 0x004c7140 in _nss_ldap_getpwuid_r (uid=2049992, result=0xb7d691f4, buffer=0xb8318450 "jetty", buflen=1024, errnop=0xb7d6ab58) at ldap-pwd.c:263
	a = {la_type = LA_TYPE_NUMBER, la_arg1 = {la_string = 0x1f47c8 "w\213E\030�", la_number = 2049992, la_triple = {host = 0x1f47c8 "w\213E\030�", 
      user = 0xb82edf38 "", domain = 0x2942ce "getpwuid_r"}, la_string_list = 0x1f47c8}, la_arg2 = {la_string = 0x0}, la_base = 0x0}
#15 0x001f49c2 in getpwuid_r@@GLIBC_2.1.2 () from /lib/libc.so.6
No symbol table info available.
#16 0xb7fa696d in do_mount_indirect (arg=0xb8303c08) at indirect.c:746
	mt = {mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, {__spins = 0, __list = {__next = 0x0}}}, 
    __size = '\0' <repeats 23 times>, __align = 0}, cond = {__data = {__lock = 0, __futex = 1, __total_seq = 1, __wakeup_seq = 0, __woken_seq = 0, 
      __mutex = 0xb7fd0768, __nwaiters = 2, __broadcast_seq = 0}, 
    __size = "\000\000\000\000\001\000\000\000\001", '\0' <repeats 23 times>, "h\a��\002\000\000\000\000\000\000\000\000\000\000", __align = 4294967296}, 
  signaled = 0, ap = 0xb83026b8, status = 0, type = 0, ioctlfd = 0, mc = 0x0, name = ".hidden", '\0' <repeats 247 times>, dev = 23, len = 7, uid = 2049992, gid = 350, 
  wait_queue_token = 6}
	ap = (struct autofs_point *) 0xb83026b8
	buf = "/home/.hidden\000049992", '\0' <repeats 3894 times>, "\232\231f�\002����\034\000\t\000\000\000��ַ\b\021��\000\000\000\000\000\000\000\000��ַ", '\0' <repeats 12 times>, "\001\000\000\000\027\000\000\000\000\000\000\000\211\f#\000�\002��|[��x\021,\000\030\000\000\000\003\000\000\000\000\000\000\000\210�ַ��\023\000\004\000\000\000�\f��\a\000\000\000\224�ַ\004\000\000\000�A\000\000\003", '\0' <repeats 32 times>, "\004\000\000\000\000\000\000\216g\023\000\025��H�BM\001���H\000\000\000\000[��H"
	st = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0, st_nlink = 0, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 0, st_blksize = 0, 
  st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, st_ino = 0}
	pw = {pw_name = 0xb8318450 "jetty", pw_passwd = 0xb8318456 "x", pw_uid = 495, pw_gid = 487, pw_gecos = 0xb8318460 "", pw_dir = 0xb8318461 "/usr/share/jetty", 
  pw_shell = 0xb8318472 "/bin/sh"}
	ppw = (struct passwd *) 0xb7d691f4
	gr = {gr_name = 0xb831a87c "8\025,", gr_passwd = 0xb831a886 "1�gmedbery", gr_gid = 350, gr_mem = 0xb831d2ec}
	pgr = <value optimized out>
	gr_tmp = <value optimized out>
	len = <value optimized out>
	tmplen = <value optimized out>
	grplen = <value optimized out>
	status = 0
	state = 0
	__FUNCTION__ = "do_mount_indirect"



[root@grape cores]# rpm -q nss_ldap
nss_ldap-259-3.fc9.i386
[root@grape cores]# rpm -q openldap
openldap-2.4.10-1.fc9.i386
Comment 1 Josh Lange 2008-09-29 14:45:41 EDT
hmm, I would say so, line 116 from nss_ldap.spec
So, really, there should have been a new relase of this after openldap was patched. (or changed to use dynamic linking)

make %{?_smp_mflags} LIBS="-Wl,-Bstatic -lldap -llber
Comment 2 Nalin Dahyabhai 2008-09-30 13:33:34 EDT
Static linking is needed in order to work around certain other problems, though FWIW I dislike it.  I'll push a rebuild into updates-testing today.
Comment 3 Fedora Update System 2008-09-30 13:36:33 EDT
nss_ldap-259-3.fc9.2 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nss_ldap-259-3.fc9.2
Comment 4 Fedora Update System 2008-10-01 02:36:36 EDT
nss_ldap-259-3.fc9.2 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update nss_ldap'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8471
Comment 5 Fedora Update System 2008-10-20 18:07:32 EDT
nss_ldap-259-3.fc9.2 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.