Bug 584109 - Slapd crashes while parsing DNA configuration
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Server - DNA Plug-in
Version: 1.2.6
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nathan Kinder
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 434914 389_1.2.6
Reported: 2010-04-20 19:08 UTC by Endi Sukma Dewata
Modified: 2015-12-07 17:07 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-07 17:07:54 UTC
Embargoed:


Attachments
0001-Bug-584109-Slapd-crashes-while-parsing-DNA-configura.patch (1.19 KB, patch)
2010-04-20 19:27 UTC, Endi Sukma Dewata
rmeggins: review+

Description Endi Sukma Dewata 2010-04-20 19:08:29 UTC
In dna_parse_config_entry(), shared_cfg_base will be freed twice: once by slapi_ch_free_string(&value) in that method and again by slapi_ch_free_string(&e->shared_cfg_base) in dna_free_config_entry(). This is causing slapd to crash.

This problem can be reproduced consistently by provisioning Samba with DS backend.
The provisioning tool generates certain DNA configuration that triggers this problem.

Comment 1 Endi Sukma Dewata 2010-04-20 19:27:20 UTC
Created attachment 407908
0001-Bug-584109-Slapd-crashes-while-parsing-DNA-configura.patch

The dna_parse_config_entry() has been modified to duplicate the shared_cfg_base value to avoid freeing the same memory location twice.
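
Added example (not part of the bug report, the attached patch, or the 389-ds source): a small C model of the ownership mistake described above, with the aliasing parser beside the duplicating one. The slot pool, dup_string(), free_string(), parse_entry(), free_entry() and run_cycle() are hypothetical stand-ins; the pool replaces the real heap so the second free is counted instead of corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not 389-ds source. */
enum { SLOTS = 8, SLOT_SIZE = 64 };
static char pool[SLOTS][SLOT_SIZE]; /* stand-in heap: addresses stay valid */
static int in_use[SLOTS];
static int double_frees;            /* releases of an already-free slot */

static char *dup_string(const char *s) {
    for (int i = 0; i < SLOTS && strlen(s) < SLOT_SIZE; i++)
        if (!in_use[i]) { in_use[i] = 1; return strcpy(pool[i], s); }
    return NULL;
}

/* Same contract as slapi_ch_free_string(): release *s, then set it to NULL. */
static void free_string(char **s) {
    if (s == NULL || *s == NULL) return;
    ptrdiff_t i = (*s - (char *)pool) / SLOT_SIZE;
    if (in_use[i]) in_use[i] = 0; else double_frees++;
    *s = NULL;                      /* clears this variable only, not aliases */
}

struct config_entry { char *shared_cfg_base; };

/* The parser fetches a temporary 'value' and always frees it before returning.
 * copy == 0 stores the temporary itself; copy == 1 stores a duplicate. */
static void parse_entry(struct config_entry *e, const char *attr, int copy) {
    char *value = dup_string(attr);
    e->shared_cfg_base = copy ? dup_string(value) : value;
    free_string(&value);
}

static void free_entry(struct config_entry *e) { free_string(&e->shared_cfg_base); }

/* Runs one parse/free cycle and returns the number of double frees seen. */
int run_cycle(int copy) {
    struct config_entry e = { NULL };
    double_frees = 0;
    parse_entry(&e, "cn=User IDs,ou=Ranges,dc=example,dc=com", copy);
    free_entry(&e);
    return double_frees;
}

int main(void) {
    printf("aliased: %d, duplicated: %d\n", run_cycle(0), run_cycle(1));
    return 0;
}
```

Setting the freed pointer to NULL protects only the variable passed in; the copy of the address held in the entry still looks valid, which is why the second release goes through.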

Comment 2 Rich Megginson 2010-04-20 19:36:08 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   b632c9f..341664f  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
commit 341664fad1fbb0b5bebb31496d862cb02df843dd
Author: Endi S. Dewata <edewata>
Date:   Sun Apr 18 04:29:41 2010 -0500
   acf2c6b..2889536  master -> master
commit 288953655c3af087c82007d630cf8fb6558e9a9e
Author: Endi S. Dewata <edewata>
Date:   Sun Apr 18 04:29:41 2010 -0500

Comment 3 Jenny Severance 2010-05-14 15:12:09 UTC
Can you please add steps to reproduce with Directory Server only? Thanks

Comment 4 Endi Sukma Dewata 2010-05-14 17:20:13 UTC
Based on the patch, the problem happens when dnaSharedCfgDn configuration is being processed. The following steps should reproduce the problem (if it still exists):

1. Create a DS instance with dc=example,dc=com suffix.
2. Add the following entries:

dn: ou=Ranges,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Ranges

dn: cn=User IDs,ou=Ranges,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: User IDs

3. Add the following DNA configuration:

dn: cn=User IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: User IDs
dnaType: uid
dnaMagicRegen: 0
dnaFilter: (objectClass=inetOrgPerson)
dnaScope: dc=example,dc=com
dnaNextValue: 100
dnaSharedCfgDn: cn=User IDs,ou=Ranges,dc=example,dc=com
dnaPrefix: user

4. Enable DNA plugin with ldapmodify:

dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-

5. Restart the instance; slapd would crash.

Comment 5 Jenny Severance 2010-05-14 19:57:09 UTC
Post check-in of this fix, all DNA automated tests are passing - 8 different configurations using dnaSharedCfgDn. In previous testing, after the regression was introduced, DNA tests were failing.

Marking bug verified.