Bug 483254 - Modification of nsViewFilter of a virtual view OU crashes the server
Modification of nsViewFilter of a virtual view OU crashes the server
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Personalized Views (Show other bugs)
1.1.3
x86_64 Linux
high Severity medium
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
Depends On:
Blocks: 249650 FDS1.2.0
  Show dependency treegraph
 
Reported: 2009-01-30 10:06 EST by Andrey Ivanov
Modified: 2015-01-04 18:36 EST (History)
3 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-29 19:10:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (3.15 KB, patch)
2009-02-04 17:58 EST, Rich Megginson
no flags Details | Diff
cvs commit log (182 bytes, text/plain)
2009-02-05 10:20 EST, Rich Megginson
no flags Details

  None (edit)
Description Andrey Ivanov 2009-01-30 10:06:35 EST
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

When constructing virtual views the change of the value of nsViewFilter  from a correct one to a value containing a special character crashes the server. The problem is reproducible after the server works for some time.

Reproducible: Sometimes

Steps to Reproduce:
1. Create the following virtual views :
dn: ou=virtualviews,dc=id,dc=polytechnique,dc=edu
changetype: modify
replace: objectClass
objectClass: nsView
objectClass: organizationalUnit
objectClass: top

ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu
nsViewFilter: (ou=ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu)
ou: LPP
objectClass: top
objectClass: organizationalUnit
objectClass: nsView
description: Test LPP

2. Test that it works so that it shows the entries generated by virtualviews and ensure that they are correctly displayed

ldapvi -Y GSSAPI -h localhost -b "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu"

ldapvi -Y GSSAPI -h localhost -b "ou=VirtualViews,dc=id,dc=polytechnique,dc=edu"    

3. Suppress the "objectClass: nsView" in the upper view :
dn: ou=virtualviews,dc=id,dc=polytechnique,dc=edu
changetype: modify
replace: objectClass
objectClass: organizationalUnit
objectClass: top
-

This step seems to be important. Without it i cannot reproduce the problem in a  reliable way.

4. Reverify thet everything is fine :
ldapvi -Y GSSAPI -h localhost -b "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu"

5. Change the nsViewFilter attribute as follows :
n: ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu
changetype: modify
replace: nsViewFilter
nsViewFilter: (ou=#ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu
 )
-

In other words, i have added the '#' in the middle of the filter.
Actual Results:  
The server crashes.

Expected Results:  
The server should not crash.

The same modification of the filter seems to be OK when the upper container (ou=virtualviews,dc=id,dc=polytechnique,dc=edu) contains the class "nsView"
stack trace :

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1368930624 (LWP 20965)]
0x00002b94b73704b4 in views_cache_create_applied_filter () from /Local/dirsrv/lib/dirsrv/plugins/libviews-plugin.so
(gdb) bt
#0  0x00002b94b73704b4 in views_cache_create_applied_filter () from /Local/dirsrv/lib/dirsrv/plugins/libviews-plugin.so
#1  0x00002b94b7371927 in views_update_views_cache () from /Local/dirsrv/lib/dirsrv/plugins/libviews-plugin.so
#2  0x00002b94b716ced2 in statechange_post_op () from /Local/dirsrv/lib/dirsrv/plugins/libstatechange-plugin.so
#3  0x00002b94b142908d in plugin_call_func () from /Local/dirsrv/lib/dirsrv/libslapd.so.0
#4  0x00002b94b14291fe in plugin_call_plugins () from /Local/dirsrv/lib/dirsrv/libslapd.so.0
#5  0x00002b94b141e33b in op_shared_modify () from /Local/dirsrv/lib/dirsrv/libslapd.so.0
#6  0x00002b94b141f1c2 in do_modify () from /Local/dirsrv/lib/dirsrv/libslapd.so.0
#7  0x0000000000412f6e in connection_threadmain ()
#8  0x000000303e227ded in PR_JoinThread () from /usr/lib64/libnspr4.so
#9  0x0000003e618062f7 in start_thread () from /lib64/libpthread.so.0
#10 0x0000003e610d1e3d in clone () from /lib64/libc.so.6
Comment 1 Andrey Ivanov 2009-01-30 10:16:26 EST
The message in access log :

[30/Jan/2009:15:38:30 +0100] views-plugin - Error: the view filter [<F0>6<AB>^C] in entry [@..\04] is not valid
Comment 2 Andrey Ivanov 2009-01-30 10:17:16 EST
It was of course error log, not access log
Comment 3 Andrey Ivanov 2009-01-30 10:44:19 EST
Here is the same stack trace with the debugging information :

#0  0x0000003e61078580 in strlen () from /lib64/libc.so.6
#1  0x0000003e610782d6 in strdup () from /lib64/libc.so.6
#2  0x00002b8c606dc862 in slapi_ch_strdup (s1=0x31 <Address 0x31 out of bounds>) at ldap/servers/slapd/ch_malloc.c:276
#3  0x00002b8c666a27f8 in views_cache_create_applied_filter (pView=0x1090c80) at ldap/servers/plugins/views/views.c:764
#4  0x00002b8c666a34fb in views_update_views_cache (e=0x46b9c30, dn=0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu", modtype=4, pb=0x39355c0, caller_data=0x0)
    at ldap/servers/plugins/views/views.c:1430
#5  0x00002b8c6649f129 in statechange_post_op (pb=0x39355c0, modtype=4) at ldap/servers/plugins/statechange/statechange.c:296
#6  0x00002b8c6649eef9 in statechange_mod_post_op (pb=0x39355c0) at ldap/servers/plugins/statechange/statechange.c:205
#7  0x00002b8c60720da2 in plugin_call_func (list=0xf698e0, operation=505, pb=0x39355c0, call_one=0) at ldap/servers/slapd/plugin.c:1369
#8  0x00002b8c60720c83 in plugin_call_list (list=0xf365e0, operation=505, pb=0x39355c0) at ldap/servers/slapd/plugin.c:1331
#9  0x00002b8c6071ee47 in plugin_call_plugins (pb=0x39355c0, whichfunction=505) at ldap/servers/slapd/plugin.c:324
#10 0x00002b8c60712c6a in op_shared_modify (pb=0x39355c0, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:846
#11 0x00002b8c60711c1d in do_modify (pb=0x39355c0) at ldap/servers/slapd/modify.c:341
#12 0x0000000000411c07 in connection_dispatch_operation (conn=0x2aaaaaab4c10, op=0x5c218e0, pb=0x39355c0) at ldap/servers/slapd/connection.c:504
#13 0x00000000004132cf in connection_threadmain () at ldap/servers/slapd/connection.c:2163
#14 0x000000303e227ded in PR_JoinThread () from /usr/lib64/libnspr4.so
#15 0x0000003e618062f7 in start_thread () from /lib64/libpthread.so.0
#16 0x0000003e610d1e3d in clone () from /lib64/libc.so.6
Comment 4 Andrey Ivanov 2009-01-30 10:54:30 EST
bt full :

#0  0x0000003e61078580 in strlen () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003e610782d6 in strdup () from /lib64/libc.so.6
No symbol table info available.
#2  0x00002b8c606dc862 in slapi_ch_strdup (s1=0x31 <Address 0x31 out of bounds>) at ldap/servers/slapd/ch_malloc.c:276
        newmem = 0x2b8c606dca74 "H\213E#3  0x00002b8c666a27f8 in views_cache_create_applied_filter (pView=0x1090c80) at ldap/servers/plugins/views/views.c:764
        buf = 0x0
        current = (viewEntry *) 0x39088d0
        pCurrentFilter = (Slapi_Filter *) 0x390caa0
        pBuiltFilter = (Slapi_Filter *) 0x390caa0
        pViewEntryExcludeFilter = (Slapi_Filter *) 0x0
        excludeFilter = 0x108fef0 "(ou=#ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu)"
#4  0x00002b8c666a34fb in views_update_views_cache (e=0x46b9c30, dn=0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu", modtype=4, pb=0x39355c0, caller_data=0x0)
    at ldap/servers/plugins/views/views.c:1430
        pDn = 0x392cd40 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu"
        theView = (viewEntry *) 0x1090c80
        current = (viewEntry *) 0x1090c80
        attr = (Slapi_Attr *) 0x46b9e90
        val = {bv_len = 65, bv_val = 0x108fef0 "(ou=#ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu)"}
        build_cache = 0
#5  0x00002b8c6649f129 in statechange_post_op (pb=0x39355c0, modtype=4) at ldap/servers/plugins/statechange/statechange.c:296
        notify = (SCNotify *) 0x108d170
        execute = 1
        dn = 0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu"
        e_before = (struct slapi_entry *) 0x3eac180
        e_after = (struct slapi_entry *) 0x46b9c30
#6  0x00002b8c6649eef9 in statechange_mod_post_op (pb=0x39355c0) at ldap/servers/plugins/statechange/statechange.c:205
No locals.
#7  0x00002b8c60720da2 in plugin_call_func (list=0xf698e0, operation=505, pb=0x39355c0, call_one=0) at ldap/servers/slapd/plugin.c:1369
        n = 0xf60c90 "State Change Plugin"
        func = (IFP) 0x2b8c6649eedf <statechange_mod_post_op>
        rc = 0
        return_value = 0
        count = 8
#8  0x00002b8c60720c83 in plugin_call_list (list=0xf365e0, operation=505, pb=0x39355c0) at ldap/servers/slapd/plugin.c:1331
No locals.
#9  0x00002b8c6071ee47 in plugin_call_plugins (pb=0x39355c0, whichfunction=505) at ldap/servers/slapd/plugin.c:324
        p = (struct slapdplugin *) 0xf435e0
        plugin_list_number = 2
        rc = 0
        do_op = 1
#10 0x00002b8c60712c6a in op_shared_modify (pb=0x39355c0, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:846
        rc = 0
        be = (Slapi_Backend *) 0xf72e50
        pse = (Slapi_Entry *) 0x46b9c30
        referral = (Slapi_Entry *) 0x0
        ecopy = (Slapi_Entry *) 0x0
        e = (Slapi_Entry *) 0x38fcec0
        ebuf = '\0' <repeats 6800 times>, "?017ºH\000\000\000\000`?\000\000\000\000\223-C\000\000\000\000\000\002\000\000\000\000\000\000\000`?\000\000\000\000\002\000\000\000\000\000\000\000?017ºH\000\000\000\000\023?e>\000\000\000\002\000\000\000\000\000\000\000`?\000\000\000\000\004\000\000\000\000\000\000\000O\230Be>", '\0' <repeats 21 times>, "\0026\000\000\000\202?017ºH\000\000\000\000\223-C\000\000\000\000\000\223-C", '\0' <repeats 13 times>, "P\235Be>", '\0' <repeats 107 times>, " 00\000\000?a>\000\000\000?a>", '\0' <repeats 12 times>, "00\000"...
        dn = 0x390aee0 "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu"
        sdn = {flag = 4 '\004', dn = 0x390aee0 "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu", ndn = 0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu", ndn_len = 52}
        mods = (LDAPMod **) 0x5c21720
        pw_mod = (LDAPMod *) 0x200000001
        tmpmods = (LDAPMod **) 0x5c21720
        smods = {mods = 0x0, num_elements = 4, num_mods = 3, iterator = 3, free_mods = 0}
        unhashed_pw_smod = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 1}
        repl_op = 0
        internal_op = 0
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = (Slapi_Operation *) 0x5c218e0
        errorbuf = '\0' <repeats 1272 times>, "?017!>0", '\0' <repeats 19 times>, "?H", '\0' <repeats 28 times>, "\006§v`\214+", '\0' <repeats 18 times>, "P¶¹H\000\000\000\000\005§v`\214+\000\000G022!>0", '\0' <repeats 27 times>, "°?H", '\0' <repeats 356 times>, "P?H", '\0' <repeats 11 times>, " ", '\0' <repeats 98 times>, "90\000\000\000\000\200?\000\000\000\000\000\200¶¹H\000\000\000\000\001\000\000\000\000\000\000\000@\031ºH\000\000\000\000\000 ºH\000\000\000\000\000\020\000\000\000\000\000\000?\">0\000\000\000?`\214+\000\000\235§p`\214"...
        err = 0
        lc_mod = (LDAPMod *) 0x0
        p = (struct slapdplugin *) 0x0
        numattr = 59987392
        i = 0
#11 0x00002b8c60711c1d in do_modify (pb=0x39355c0) at ldap/servers/slapd/modify.c:341
        operation = (Slapi_Operation *) 0x5c218e0
        ber = (BerElement *) 0x5c21a58
        last = 0x5c21cd8 "ique.fr£\201?\201?\003\002\001\001¡\003\002\001\003¢\201˜004\201??o»\226>G\224$ZS016\034\177¹?´\\!a¨???\235Kz?(K\232\2309Mh?\227W¹\032]\003?020cdºVr4G020f?33][\217?nw4\202?+z[\213\01b.\\\025L\032\r0i?sZ\237R?º«"
        type = 0x0
        tag = 4294967294
        len = 88
        mod = (LDAPMod *) 0x0
        mods = (LDAPMod **) 0x5c21720
        smods = {mods = 0x0, num_elements = 4, num_mods = 1, iterator = 1, free_mods = 0}
        err = 0
        pw_change = 0
        ignored_some_mods = 0
        has_password_mod = 0
        old_pw = 0x0
        dn = 0x390aee0 "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu"
#12 0x0000000000411c07 in connection_dispatch_operation (conn=0x2aaaaaab4c10, op=0x5c218e0, pb=0x39355c0) at ldap/servers/slapd/connection.c:504
No locals.
#13 0x00000000004132cf in connection_threadmain () at ldap/servers/slapd/connection.c:2163
        is_timedout = 0
        pb = (Slapi_PBlock *) 0x39355c0
        interval = 10000
        conn = (Connection *) 0x2aaaaaab4c10
        op = (Operation *) 0x5c218e0
        tag = 102
        need_wakeup = 0
        thread_turbo_flag = 1
        ret = 0
        more_data = 0
        replication_connection = 0
#14 0x000000303e227ded in PR_JoinThread () from /usr/lib64/libnspr4.so
No symbol table info available.
#15 0x0000003e618062f7 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#16 0x0000003e610d1e3d in clone () from /lib64/libc.so.6
No symbol table info available.
Comment 5 Rich Megginson 2009-01-30 11:08:11 EST
Thanks, this is excellent information.
Comment 6 Rich Megginson 2009-02-04 17:58:19 EST
Created attachment 330931 [details]
diffs
Comment 7 Andrey Ivanov 2009-02-05 06:49:40 EST
I have just tested this patch in the same configuration, it does eliminate the server crash mentioned in the subject.
Comment 8 Rich Megginson 2009-02-05 10:20:51 EST
Created attachment 330994 [details]
cvs commit log

Resolves: bug 483254
Bug Description: Modification of nsViewFilter of a virtual view OU crashes the server
Reviewed by: nhosoi, andrey.ivanov (Thanks!)
Fix Description: When we delete a node, not only do we need to have the parent node discover its new children, we need to have each child discover a new parent.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Comment 9 Yi Zhang 2009-04-13 14:57:43 EDT
(Thanks Noriko's help)
Bug verified. Bug closed

my test is below :

1. set up ds server
2. set up example test db (dbgen.pl -o 1k.ldif -n 1000)
3. inject data into "dc=example,dc=com" (I use console import function to inject data)
4. set up virtual view with bug-1.ldif (see below)
   /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w redhat123 -a -f ./bug-1.ldif

5. verify the virtual view 
    /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "ou=Accounting,ou=VirtualViews,dc=example,dc=com" objectclass=* dn
version: 1
dn: ou=Accounting,ou=VirtualViews,dc=example,dc=com

dn: uid=TVradmin0, dc=example,dc=com

dn: uid=DSubissat3, dc=example,dc=com

6. modify virtual view filter with bug-2.ldif
  /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w redhat123 -a -f ./bug-2.ldif 
modifying entry ou=virtualviews,dc=example,dc=com

7. modify view (disable it) with bug-3.ldif file
 /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w redhat123 -a -f ./bug-3.ldif modifying entry ou=accounting,ou=virtualviews,dc=example,dc=com

8. verity: server should still working
 /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "ou=Accounting,ou=VirtualViews,dc=example,dc=com" objectclass=* dn
version: 1
dn: ou=Accounting,ou=VirtualViews,dc=example,dc=com


==> test result: passed

============= Data file used ==================
-----------------[root@mv64a-vm ~]# cat bug-3.ldif 
dn: ou=accounting,ou=virtualviews,dc=example,dc=com
changetype: modify
replace: nsViewFilter
nsViewFilter: (ou=#ou=accounting,dc=example,dc=com)

-----------------[root@mv64a-vm ~]# cat bug-2.ldif 
dn: ou=virtualviews,dc=example,dc=com
changetype: modify
replace: objectClass
objectClass: organizationalUnit
objectClass: top
--------------------[root@mv64a-vm ~]# cat bug-1.ldif 
dn: ou=virtualviews,dc=example,dc=com
objectClass: nsView
objectClass: organizationalUnit
objectClass: top

dn: ou=Accounting,ou=VirtualViews,dc=example,dc=com
nsViewFilter: (ou=ou=Accounting,dc=example,dc=com)
ou: Accounting
objectClass: top
objectClass: organizationalUnit
objectClass: nsView
description: Test Accounting vitual view

dn: uid=TVradmin0, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: ou=Accounting,dc=example,dc=com
cn: Teena Vradmin
sn: Vradmin
uid: TVradmin0
givenName: Teena
description: 2;649;CN=Red Hat CS 71GA Demo,O=Red Hat CS 71GA Demo,C=US;CN=RHCS Agent - admin01,UID=admin01,O=redhat,C=US [1] This is Teena Vradmin's description.
userPassword: TVradmin0
departmentNumber: 2220
employeeType: Manager
homePhone: +1 510 551-9687
initials: T. V.
telephoneNumber: +1 303 703-2147
facsimileTelephoneNumber: +1 206 682-3534
mobile: +1 213 151-5816
pager: +1 804 769-1685
manager: Olga Lake
secretary: Silva Giamatteo
roomNumber: 7730
carLicense: ZSN6DM3
l: Milpitas
ou: Accounting
mail: Teena_Vradmin@example.com

dn: uid=DSubissat3, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: ou=Accounting,dc=example,dc=com
cn: Debera Subissati
sn: Subissati
uid: DSubissat3
givenName: Debera
description: 2;4201;CN=Red Hat CS 71GA Demo,O=Red Hat CS 71GA Demo,C=US;CN=RHCS Agent - admin01,UID=admin01,O=redhat,C=US [1] This is Debera Subissati's description.
userPassword: DSubissat3
departmentNumber: 822
employeeType: Manager
homePhone: +1 804 804-5911
initials: D. S.
telephoneNumber: +1 206 391-4080
facsimileTelephoneNumber: +1 415 792-4170
mobile: +1 415 366-5227
pager: +1 818 252-9378
manager: Teresa Hardy
secretary: Aubree Noye
roomNumber: 2666
carLicense: IY2JT8R
l: New York
ou: Accounting
mail: Debera_Subissati@example.com

dn: uid=YLucas7, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Yasmin Lucas
sn: Lucas
uid: YLucas7
givenName: Yasmin
description: 2;5793;CN=Red Hat CS 71GA Demo,O=Red Hat CS 71GA Demo,C=US;CN=RHCS Agent - admin01,UID=admin01,O=redhat,C=US [1] This is Yasmin Lucas's description.
userPassword: YLucas7
departmentNumber: 7146
employeeType: Manager
homePhone: +1 206 275-5439
initials: Y. L.
telephoneNumber: +1 510 887-8679
facsimileTelephoneNumber: +1 415 662-9334
mobile: +1 510 117-5056
pager: +1 818 704-6219
manager: Nick Chan
secretary: Carm Berube
roomNumber: 2909
carLicense: 7J2DFJV
l: Menlo Park
ou: Accounting
mail: Yasmin_Lucas@example.com
Comment 10 Chandrasekar Kannan 2009-04-29 19:10:00 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.