Bug 487574 - server crash during modify operation
server crash during modify operation
Product: 389
Classification: Community
Component: Server - DNA Plug-in (Show other bugs)
All Linux
low Severity urgent
: ---
: ---
Assigned To: Nathan Kinder
Chandrasekar Kannan
Depends On:
Blocks: 249650 487590 FDS1.2.0
  Show dependency treegraph
Reported: 2009-02-26 14:04 EST by Rob Crittenden
Modified: 2015-01-04 18:36 EST (History)
3 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 487590 (view as bug list)
Last Closed: 2009-04-29 19:10:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
DS DNA patch (3.20 KB, patch)
2009-02-26 14:58 EST, Nathan Kinder
no flags Details | Diff
Revised DS DNA patch (3.20 KB, patch)
2009-02-26 16:09 EST, Nathan Kinder
no flags Details | Diff

  None (edit)
Description Rob Crittenden 2009-02-26 14:04:57 EST
Description of problem:

I can force a server crash using ldapmodify.

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
% ldapmodify -x -D "cn=directory manager" -W
dn: cn=foo,cn=groups,cn=accounts,dc=example.com,dc=com
changetype: modify
delete: gidnumber

(gdb) where
#0  dna_pre_op (pb=0x930fe60, modtype=4) at dna.c:1295
#1  0x0017c0a1 in ?? () from /usr/lib/dirsrv/libslapd.so.0
#2  0x0017c2ae in plugin_call_plugins () from /usr/lib/dirsrv/libslapd.so.0
#3  0x0016fb7c in ?? () from /usr/lib/dirsrv/libslapd.so.0
#4  0x001711bc in do_modify () from /usr/lib/dirsrv/libslapd.so.0
#5  0x08058157 in ber_sockbuf_free ()
#6  0x00927f81 in ?? () from /lib/libnspr4.so
#7  0x00bd532f in start_thread () from /lib/libpthread.so.0
#8  0x00af220e in clone () from /lib/libc.so.6
(gdb) print bv
$1 = (struct berval *) 0x0
Comment 1 Rob Crittenden 2009-02-26 14:13:08 EST
Backtrace using the FDS DNA plugin. This build is from the source tip from 2/11/09.

#0  dna_pre_op (pb=0x9c48460, modtype=4) at ldap/servers/plugins/dna/dna.c:2636
#1  0x0017c0a1 in plugin_call_func (list=0x9a14070, operation=405, 
    pb=0x9c48460, call_one=0) at ldap/servers/slapd/plugin.c:1369
#2  0x0017c2ae in plugin_call_plugins (pb=0x9c48460, whichfunction=405)
    at ldap/servers/slapd/plugin.c:1331
#3  0x0016fb7c in op_shared_modify (pb=0x9c48460, pw_change=0, old_pw=0x0)
    at ldap/servers/slapd/modify.c:777
#4  0x001711bc in do_modify (pb=0x9c48460) at ldap/servers/slapd/modify.c:341
#5  0x08058157 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:502
#6  0x00927f81 in ?? () from /lib/libnspr4.so
#7  0x00bd532f in start_thread () from /lib/libpthread.so.0
#8  0x00af220e in clone () from /lib/libc.so.6
(gdb) print bv
$1 = (struct berval *) 0x0
Comment 2 Nathan Kinder 2009-02-26 14:58:16 EST
Created attachment 333377 [details]
DS DNA patch
Comment 3 Rob Crittenden 2009-02-26 15:18:49 EST
Tested 3 scenarios, 2 passed:

dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
delete: gidnumber

dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
replace: gidnumber

dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
delete: gidnumber
gidnumber: 1103

The entry looks like this:

dn: cn=foo,cn=groups,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: groupofnames
objectClass: posixGroup
objectClass: inetUser
description: foo
cn: foo
gidNumber: 1103

I'm attached to the slapd process but not getting a backtrace when it quits, just:

[Thread 0xb4c21b90 (LWP 31146) exited]
[ a slew more ]
[Thread 0xb6023b90 (LWP 31144) exited]

Program exited with code 0177.
Comment 4 Nathan Kinder 2009-02-26 16:09:36 EST
Created attachment 333386 [details]
Revised DS DNA patch
Comment 5 Rob Crittenden 2009-02-26 16:20:45 EST
All my tests pass now
Comment 6 Nathan Kinder 2009-02-26 16:41:45 EST
Checked into ldapserver (HEAD).  Thanks to Rich for his review, and to Rob for his testing!

Checking in ldap/servers/plugins/dna/dna.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/dna/dna.c,v  <--  dna.c
new revision: 1.17; previous revision: 1.16
Comment 7 Jenny Galipeau 2009-04-08 09:39:12 EDT
Rob -Nathan - can I get a bit of information on the setup for this bug? I would like to add regression tests to the automated acceptance tests.  How was the original group assigned its gidNumber - I don't want to assume via DNA plugin?  Thanks Jenny
Comment 8 Rob Crittenden 2009-04-08 10:29:14 EDT
gidnumber was assigned by DNA when the group entry was created during my testing.
Comment 9 Jenny Galipeau 2009-04-08 10:35:21 EDT
thanks Rich!
Comment 10 Jenny Galipeau 2009-04-08 14:53:14 EDT
fix verified - RHEL 4 - DS 8.1 - scenarios above do not crash the server and new gidNumbers are assigned.
Comment 11 Chandrasekar Kannan 2009-04-29 19:10:52 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.