Bug 498432 - deref_r can cause ns-slapd to crash
deref_r can cause ns-slapd to crash
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: slapi-nis (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-30 09:47 EDT by Rob Crittenden
Modified: 2009-05-12 20:29 EDT (History)
1 user (show)

See Also:
Fixed In Version: 0.15-1.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-12 20:29:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
The data (15.10 KB, text/x-ldif)
2009-04-30 09:47 EDT, Rob Crittenden
no flags Details

  None (edit)
Description Rob Crittenden 2009-04-30 09:47:30 EDT
Created attachment 341924 [details]
The data

Description of problem:

This configuration entry can cause ns-slapd to crash:

schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-", ",", "%deref_r(\"memberUser\",\"member\")", "-"),%{nisDomainName:-})

#0  0x00110416 in __kernel_vsyscall ()
#1  0x00a3e660 in raise () from /lib/libc.so.6
#2  0x00a40028 in abort () from /lib/libc.so.6
#3  0x00a7b64d in __libc_message () from /lib/libc.so.6
#4  0x00a81874 in malloc_printerr () from /lib/libc.so.6
#5  0x00c0d5ed in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#6  0x00c1241e in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#7  0x00c10dbf in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#8  0x00c11b27 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#9  0x00c11d0b in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#10 0x00c0969c in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#11 0x00c0aa84 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#12 0x0017f2a6 in internal_srch_entry_callback (be=0xa135c28, conn=0x0, 
    op=0xa141d88, e=0xa1de038) at ldap/servers/slapd/plugin_internal_op.c:131
#13 0x0018b864 in send_ldap_search_entry_ext (pb=0xa141c28, e=0xa1de038, 
    ectrls=0x0, attrs=0x0, attrsonly=0, send_result=0, nentries=0, urls=0x0)
    at ldap/servers/slapd/result.c:1200
#14 0x0018c101 in send_ldap_search_entry (pb=0xa141c28, e=0xa1de038, 
    ectrls=0x0, attrs=0x0, attrsonly=0) at ldap/servers/slapd/result.c:805
#15 0x00174f8a in iterate (pb=0xa141c28, be=0xa135c28, send_result=1, 
    pnentries=0xae6a2b1c) at ldap/servers/slapd/opshared.c:1115
#16 0x00175b4e in op_shared_search (pb=0xa141c28, send_result=1)
    at ldap/servers/slapd/opshared.c:1309
#17 0x0017f815 in search_internal_callback_pb (pb=0xa141c28, 
    callback_data=<value optimized out>, prc=0, psec=0xc0aa60 <tsearch+11500>, 
    prec=0) at ldap/servers/slapd/plugin_internal_op.c:761
#18 0x00c0cf4f in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#19 0x00c09464 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#20 0x00c0b1f3 in tsearch ()
   from /usr/lib/dirsrv/plugins/schemacompat-plugin.so
#21 0x0017c0a1 in plugin_call_func (list=0xa12d7b8, operation=507, 
    pb=0xa1dd890, call_one=0) at ldap/servers/slapd/plugin.c:1369
#22 0x0017c2ae in plugin_call_plugins (pb=0xa1dd890, whichfunction=507)
    at ldap/servers/slapd/plugin.c:1331
#23 0x00134fdf in op_shared_add (pb=0xa1dd890) at ldap/servers/slapd/add.c:669
#24 0x00136695 in do_add (pb=0xa1dd890) at ldap/servers/slapd/add.c:225
#25 0x08058132 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:487
#26 0x00927f81 in ?? () from /lib/libnspr4.so
#27 0x00bd532f in start_thread () from /lib/libpthread.so.0
#28 0x00af220e in clone () from /lib/libc.so.6

Here is the entire entry:

dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: ng
schema-compat-container-group: cn=compat, dc=example, dc=com
schema-compat-container-rdn: cn=ng
schema-compat-check-access: yes
schema-compat-search-base: cn=ng,cn=alt,dc=example,dc=com
schema-compat-search-filter: !(cn=ng)
schema-compat-entry-rdn: cn=%{cn}
schema-compat-entry-attribute: objectclass=nisNetgroup
schema-compat-entry-attribute: memberNisNetgroup=%deref_r("member","cn")
schema-compat-entry-attribute: memberNisNetgroup=%referred_r("cn=ng","memberOf","cn")
schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-", ",", "%deref_r(\"memberUser\",\"uid\")", "-"),%{nisDomainName:-})
schema-compat-entry-attribute: nisNetgroupTriple=(%link("%{externalHost}", "-", ",", "%deref_r(\"memberUser\",\"member\")", "-"),%{nisDomainName:-})

Version-Release number of selected component (if applicable):

slapi-nis-0.11-1.fc9.i386

Steps to Reproduce:
1. Add the config entry
2. ldapsearch -x -b "cn=ng,cn=compat,dc=example,dc=com"
Comment 1 Nalin Dahyabhai 2009-04-30 11:37:46 EDT
See, this is what happens when I'm in too much of a hurry to do a "make check".
Comment 2 Nalin Dahyabhai 2009-04-30 16:21:42 EDT
Okay, I think this is different from bug #497904, and is a bug in the %link implementation.  It should be fixed in 0.13.  (Thanks for the test data -- it made it much easier to spot the logic errors, and I've incorporated it into the test suite.)
Comment 3 Fedora Update System 2009-05-02 12:37:15 EDT
slapi-nis-0.13-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update slapi-nis'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-4169
Comment 4 Fedora Update System 2009-05-12 00:09:23 EDT
slapi-nis-0.15-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update slapi-nis'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-4169
Comment 5 Fedora Update System 2009-05-12 20:24:56 EDT
slapi-nis-0.15-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2009-05-12 20:25:49 EDT
slapi-nis-0.15-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2009-05-12 20:28:56 EDT
slapi-nis-0.15-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.