User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 When constructing virtual views the change of the value of nsViewFilter from a correct one to a value containing a special character crashes the server. The problem is reproducible after the server works for some time. Reproducible: Sometimes Steps to Reproduce: 1. Create the following virtual views : dn: ou=virtualviews,dc=id,dc=polytechnique,dc=edu changetype: modify replace: objectClass objectClass: nsView objectClass: organizationalUnit objectClass: top ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu nsViewFilter: (ou=ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu) ou: LPP objectClass: top objectClass: organizationalUnit objectClass: nsView description: Test LPP 2. Test that it works so that it shows the entries generated by virtualviews and ensure that they are correctly displayed ldapvi -Y GSSAPI -h localhost -b "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu" ldapvi -Y GSSAPI -h localhost -b "ou=VirtualViews,dc=id,dc=polytechnique,dc=edu" 3. Suppress the "objectClass: nsView" in the upper view : dn: ou=virtualviews,dc=id,dc=polytechnique,dc=edu changetype: modify replace: objectClass objectClass: organizationalUnit objectClass: top - This step seems to be important. Without it i cannot reproduce the problem in a reliable way. 4. Reverify thet everything is fine : ldapvi -Y GSSAPI -h localhost -b "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu" 5. Change the nsViewFilter attribute as follows : n: ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu changetype: modify replace: nsViewFilter nsViewFilter: (ou=#ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu ) - In other words, i have added the '#' in the middle of the filter. Actual Results: The server crashes. Expected Results: The server should not crash. The same modification of the filter seems to be OK when the upper container (ou=virtualviews,dc=id,dc=polytechnique,dc=edu) contains the class "nsView" stack trace : Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1368930624 (LWP 20965)] 0x00002b94b73704b4 in views_cache_create_applied_filter () from /Local/dirsrv/lib/dirsrv/plugins/libviews-plugin.so (gdb) bt #0 0x00002b94b73704b4 in views_cache_create_applied_filter () from /Local/dirsrv/lib/dirsrv/plugins/libviews-plugin.so #1 0x00002b94b7371927 in views_update_views_cache () from /Local/dirsrv/lib/dirsrv/plugins/libviews-plugin.so #2 0x00002b94b716ced2 in statechange_post_op () from /Local/dirsrv/lib/dirsrv/plugins/libstatechange-plugin.so #3 0x00002b94b142908d in plugin_call_func () from /Local/dirsrv/lib/dirsrv/libslapd.so.0 #4 0x00002b94b14291fe in plugin_call_plugins () from /Local/dirsrv/lib/dirsrv/libslapd.so.0 #5 0x00002b94b141e33b in op_shared_modify () from /Local/dirsrv/lib/dirsrv/libslapd.so.0 #6 0x00002b94b141f1c2 in do_modify () from /Local/dirsrv/lib/dirsrv/libslapd.so.0 #7 0x0000000000412f6e in connection_threadmain () #8 0x000000303e227ded in PR_JoinThread () from /usr/lib64/libnspr4.so #9 0x0000003e618062f7 in start_thread () from /lib64/libpthread.so.0 #10 0x0000003e610d1e3d in clone () from /lib64/libc.so.6
The message in access log : [30/Jan/2009:15:38:30 +0100] views-plugin - Error: the view filter [<F0>6<AB>^C] in entry [@..\04] is not valid
It was of course error log, not access log
Here is the same stack trace with the debugging information : #0 0x0000003e61078580 in strlen () from /lib64/libc.so.6 #1 0x0000003e610782d6 in strdup () from /lib64/libc.so.6 #2 0x00002b8c606dc862 in slapi_ch_strdup (s1=0x31 <Address 0x31 out of bounds>) at ldap/servers/slapd/ch_malloc.c:276 #3 0x00002b8c666a27f8 in views_cache_create_applied_filter (pView=0x1090c80) at ldap/servers/plugins/views/views.c:764 #4 0x00002b8c666a34fb in views_update_views_cache (e=0x46b9c30, dn=0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu", modtype=4, pb=0x39355c0, caller_data=0x0) at ldap/servers/plugins/views/views.c:1430 #5 0x00002b8c6649f129 in statechange_post_op (pb=0x39355c0, modtype=4) at ldap/servers/plugins/statechange/statechange.c:296 #6 0x00002b8c6649eef9 in statechange_mod_post_op (pb=0x39355c0) at ldap/servers/plugins/statechange/statechange.c:205 #7 0x00002b8c60720da2 in plugin_call_func (list=0xf698e0, operation=505, pb=0x39355c0, call_one=0) at ldap/servers/slapd/plugin.c:1369 #8 0x00002b8c60720c83 in plugin_call_list (list=0xf365e0, operation=505, pb=0x39355c0) at ldap/servers/slapd/plugin.c:1331 #9 0x00002b8c6071ee47 in plugin_call_plugins (pb=0x39355c0, whichfunction=505) at ldap/servers/slapd/plugin.c:324 #10 0x00002b8c60712c6a in op_shared_modify (pb=0x39355c0, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:846 #11 0x00002b8c60711c1d in do_modify (pb=0x39355c0) at ldap/servers/slapd/modify.c:341 #12 0x0000000000411c07 in connection_dispatch_operation (conn=0x2aaaaaab4c10, op=0x5c218e0, pb=0x39355c0) at ldap/servers/slapd/connection.c:504 #13 0x00000000004132cf in connection_threadmain () at ldap/servers/slapd/connection.c:2163 #14 0x000000303e227ded in PR_JoinThread () from /usr/lib64/libnspr4.so #15 0x0000003e618062f7 in start_thread () from /lib64/libpthread.so.0 #16 0x0000003e610d1e3d in clone () from /lib64/libc.so.6
bt full : #0 0x0000003e61078580 in strlen () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003e610782d6 in strdup () from /lib64/libc.so.6 No symbol table info available. #2 0x00002b8c606dc862 in slapi_ch_strdup (s1=0x31 <Address 0x31 out of bounds>) at ldap/servers/slapd/ch_malloc.c:276 newmem = 0x2b8c606dca74 "H\213E#3 0x00002b8c666a27f8 in views_cache_create_applied_filter (pView=0x1090c80) at ldap/servers/plugins/views/views.c:764 buf = 0x0 current = (viewEntry *) 0x39088d0 pCurrentFilter = (Slapi_Filter *) 0x390caa0 pBuiltFilter = (Slapi_Filter *) 0x390caa0 pViewEntryExcludeFilter = (Slapi_Filter *) 0x0 excludeFilter = 0x108fef0 "(ou=#ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu)" #4 0x00002b8c666a34fb in views_update_views_cache (e=0x46b9c30, dn=0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu", modtype=4, pb=0x39355c0, caller_data=0x0) at ldap/servers/plugins/views/views.c:1430 pDn = 0x392cd40 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu" theView = (viewEntry *) 0x1090c80 current = (viewEntry *) 0x1090c80 attr = (Slapi_Attr *) 0x46b9e90 val = {bv_len = 65, bv_val = 0x108fef0 "(ou=#ou=lpp,ou=lab,ou=organisation,dc=id,dc=polytechnique,dc=edu)"} build_cache = 0 #5 0x00002b8c6649f129 in statechange_post_op (pb=0x39355c0, modtype=4) at ldap/servers/plugins/statechange/statechange.c:296 notify = (SCNotify *) 0x108d170 execute = 1 dn = 0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu" e_before = (struct slapi_entry *) 0x3eac180 e_after = (struct slapi_entry *) 0x46b9c30 #6 0x00002b8c6649eef9 in statechange_mod_post_op (pb=0x39355c0) at ldap/servers/plugins/statechange/statechange.c:205 No locals. #7 0x00002b8c60720da2 in plugin_call_func (list=0xf698e0, operation=505, pb=0x39355c0, call_one=0) at ldap/servers/slapd/plugin.c:1369 n = 0xf60c90 "State Change Plugin" func = (IFP) 0x2b8c6649eedf <statechange_mod_post_op> rc = 0 return_value = 0 count = 8 #8 0x00002b8c60720c83 in plugin_call_list (list=0xf365e0, operation=505, pb=0x39355c0) at ldap/servers/slapd/plugin.c:1331 No locals. #9 0x00002b8c6071ee47 in plugin_call_plugins (pb=0x39355c0, whichfunction=505) at ldap/servers/slapd/plugin.c:324 p = (struct slapdplugin *) 0xf435e0 plugin_list_number = 2 rc = 0 do_op = 1 #10 0x00002b8c60712c6a in op_shared_modify (pb=0x39355c0, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:846 rc = 0 be = (Slapi_Backend *) 0xf72e50 pse = (Slapi_Entry *) 0x46b9c30 referral = (Slapi_Entry *) 0x0 ecopy = (Slapi_Entry *) 0x0 e = (Slapi_Entry *) 0x38fcec0 ebuf = '\0' <repeats 6800 times>, "?017ºH\000\000\000\000`?\000\000\000\000\223-C\000\000\000\000\000\002\000\000\000\000\000\000\000`?\000\000\000\000\002\000\000\000\000\000\000\000?017ºH\000\000\000\000\023?e>\000\000\000\002\000\000\000\000\000\000\000`?\000\000\000\000\004\000\000\000\000\000\000\000O\230Be>", '\0' <repeats 21 times>, "\0026\000\000\000\202?017ºH\000\000\000\000\223-C\000\000\000\000\000\223-C", '\0' <repeats 13 times>, "P\235Be>", '\0' <repeats 107 times>, " 00\000\000?a>\000\000\000?a>", '\0' <repeats 12 times>, "00\000"... dn = 0x390aee0 "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu" sdn = {flag = 4 '\004', dn = 0x390aee0 "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu", ndn = 0x38eeab0 "ou=lpp,ou=virtualviews,dc=id,dc=polytechnique,dc=edu", ndn_len = 52} mods = (LDAPMod **) 0x5c21720 pw_mod = (LDAPMod *) 0x200000001 tmpmods = (LDAPMod **) 0x5c21720 smods = {mods = 0x0, num_elements = 4, num_mods = 3, iterator = 3, free_mods = 0} unhashed_pw_smod = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 1} repl_op = 0 internal_op = 0 lastmod = 1 skip_modified_attrs = 0 unhashed_pw_attr = 0x0 operation = (Slapi_Operation *) 0x5c218e0 errorbuf = '\0' <repeats 1272 times>, "?017!>0", '\0' <repeats 19 times>, "?H", '\0' <repeats 28 times>, "\006§v`\214+", '\0' <repeats 18 times>, "P¶¹H\000\000\000\000\005§v`\214+\000\000G022!>0", '\0' <repeats 27 times>, "°?H", '\0' <repeats 356 times>, "P?H", '\0' <repeats 11 times>, " ", '\0' <repeats 98 times>, "90\000\000\000\000\200?\000\000\000\000\000\200¶¹H\000\000\000\000\001\000\000\000\000\000\000\000@\031ºH\000\000\000\000\000 ºH\000\000\000\000\000\020\000\000\000\000\000\000?\">0\000\000\000?`\214+\000\000\235§p`\214"... err = 0 lc_mod = (LDAPMod *) 0x0 p = (struct slapdplugin *) 0x0 numattr = 59987392 i = 0 #11 0x00002b8c60711c1d in do_modify (pb=0x39355c0) at ldap/servers/slapd/modify.c:341 operation = (Slapi_Operation *) 0x5c218e0 ber = (BerElement *) 0x5c21a58 last = 0x5c21cd8 "ique.fr£\201?\201?\003\002\001\001¡\003\002\001\003¢\201˜004\201??o»\226>G\224$ZS016\034\177¹?´\\!a¨???\235Kz?(K\232\2309Mh?\227W¹\032]\003?020cdºVr4G020f?33][\217?nw4\202?+z[\213\01b.\\\025L\032\r0i?sZ\237R?º«" type = 0x0 tag = 4294967294 len = 88 mod = (LDAPMod *) 0x0 mods = (LDAPMod **) 0x5c21720 smods = {mods = 0x0, num_elements = 4, num_mods = 1, iterator = 1, free_mods = 0} err = 0 pw_change = 0 ignored_some_mods = 0 has_password_mod = 0 old_pw = 0x0 dn = 0x390aee0 "ou=LPP,ou=VirtualViews,dc=id,dc=polytechnique,dc=edu" #12 0x0000000000411c07 in connection_dispatch_operation (conn=0x2aaaaaab4c10, op=0x5c218e0, pb=0x39355c0) at ldap/servers/slapd/connection.c:504 No locals. #13 0x00000000004132cf in connection_threadmain () at ldap/servers/slapd/connection.c:2163 is_timedout = 0 pb = (Slapi_PBlock *) 0x39355c0 interval = 10000 conn = (Connection *) 0x2aaaaaab4c10 op = (Operation *) 0x5c218e0 tag = 102 need_wakeup = 0 thread_turbo_flag = 1 ret = 0 more_data = 0 replication_connection = 0 #14 0x000000303e227ded in PR_JoinThread () from /usr/lib64/libnspr4.so No symbol table info available. #15 0x0000003e618062f7 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #16 0x0000003e610d1e3d in clone () from /lib64/libc.so.6 No symbol table info available.
Thanks, this is excellent information.
Created attachment 330931 [details] diffs
I have just tested this patch in the same configuration, it does eliminate the server crash mentioned in the subject.
Created attachment 330994 [details] cvs commit log Resolves: bug 483254 Bug Description: Modification of nsViewFilter of a virtual view OU crashes the server Reviewed by: nhosoi, andrey.ivanov (Thanks!) Fix Description: When we delete a node, not only do we need to have the parent node discover its new children, we need to have each child discover a new parent. Platforms tested: RHEL5 Flag Day: no Doc impact: no
(Thanks Noriko's help) Bug verified. Bug closed my test is below : 1. set up ds server 2. set up example test db (dbgen.pl -o 1k.ldif -n 1000) 3. inject data into "dc=example,dc=com" (I use console import function to inject data) 4. set up virtual view with bug-1.ldif (see below) /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w redhat123 -a -f ./bug-1.ldif 5. verify the virtual view /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "ou=Accounting,ou=VirtualViews,dc=example,dc=com" objectclass=* dn version: 1 dn: ou=Accounting,ou=VirtualViews,dc=example,dc=com dn: uid=TVradmin0, dc=example,dc=com dn: uid=DSubissat3, dc=example,dc=com 6. modify virtual view filter with bug-2.ldif /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w redhat123 -a -f ./bug-2.ldif modifying entry ou=virtualviews,dc=example,dc=com 7. modify view (disable it) with bug-3.ldif file /usr/lib64/mozldap/ldapmodify -D "cn=directory manager" -w redhat123 -a -f ./bug-3.ldif modifying entry ou=accounting,ou=virtualviews,dc=example,dc=com 8. verity: server should still working /usr/lib64/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "ou=Accounting,ou=VirtualViews,dc=example,dc=com" objectclass=* dn version: 1 dn: ou=Accounting,ou=VirtualViews,dc=example,dc=com ==> test result: passed ============= Data file used ================== -----------------[root@mv64a-vm ~]# cat bug-3.ldif dn: ou=accounting,ou=virtualviews,dc=example,dc=com changetype: modify replace: nsViewFilter nsViewFilter: (ou=#ou=accounting,dc=example,dc=com) -----------------[root@mv64a-vm ~]# cat bug-2.ldif dn: ou=virtualviews,dc=example,dc=com changetype: modify replace: objectClass objectClass: organizationalUnit objectClass: top --------------------[root@mv64a-vm ~]# cat bug-1.ldif dn: ou=virtualviews,dc=example,dc=com objectClass: nsView objectClass: organizationalUnit objectClass: top dn: ou=Accounting,ou=VirtualViews,dc=example,dc=com nsViewFilter: (ou=ou=Accounting,dc=example,dc=com) ou: Accounting objectClass: top objectClass: organizationalUnit objectClass: nsView description: Test Accounting vitual view dn: uid=TVradmin0, dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson ou: ou=Accounting,dc=example,dc=com cn: Teena Vradmin sn: Vradmin uid: TVradmin0 givenName: Teena description: 2;649;CN=Red Hat CS 71GA Demo,O=Red Hat CS 71GA Demo,C=US;CN=RHCS Agent - admin01,UID=admin01,O=redhat,C=US [1] This is Teena Vradmin's description. userPassword: TVradmin0 departmentNumber: 2220 employeeType: Manager homePhone: +1 510 551-9687 initials: T. V. telephoneNumber: +1 303 703-2147 facsimileTelephoneNumber: +1 206 682-3534 mobile: +1 213 151-5816 pager: +1 804 769-1685 manager: Olga Lake secretary: Silva Giamatteo roomNumber: 7730 carLicense: ZSN6DM3 l: Milpitas ou: Accounting mail: Teena_Vradmin dn: uid=DSubissat3, dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson ou: ou=Accounting,dc=example,dc=com cn: Debera Subissati sn: Subissati uid: DSubissat3 givenName: Debera description: 2;4201;CN=Red Hat CS 71GA Demo,O=Red Hat CS 71GA Demo,C=US;CN=RHCS Agent - admin01,UID=admin01,O=redhat,C=US [1] This is Debera Subissati's description. userPassword: DSubissat3 departmentNumber: 822 employeeType: Manager homePhone: +1 804 804-5911 initials: D. S. telephoneNumber: +1 206 391-4080 facsimileTelephoneNumber: +1 415 792-4170 mobile: +1 415 366-5227 pager: +1 818 252-9378 manager: Teresa Hardy secretary: Aubree Noye roomNumber: 2666 carLicense: IY2JT8R l: New York ou: Accounting mail: Debera_Subissati dn: uid=YLucas7, dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Yasmin Lucas sn: Lucas uid: YLucas7 givenName: Yasmin description: 2;5793;CN=Red Hat CS 71GA Demo,O=Red Hat CS 71GA Demo,C=US;CN=RHCS Agent - admin01,UID=admin01,O=redhat,C=US [1] This is Yasmin Lucas's description. userPassword: YLucas7 departmentNumber: 7146 employeeType: Manager homePhone: +1 206 275-5439 initials: Y. L. telephoneNumber: +1 510 887-8679 facsimileTelephoneNumber: +1 415 662-9334 mobile: +1 510 117-5056 pager: +1 818 704-6219 manager: Nick Chan secretary: Carm Berube roomNumber: 2909 carLicense: 7J2DFJV l: Menlo Park ou: Accounting mail: Yasmin_Lucas
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html