In the uniqueness plugin the addMod() function is buggy and will modify arbitrary memory if more then one mod is added to the array passed to the function.
The error is in servers/plugins/uiquniq/uid.c at line 650
*modary[*nmods] = toadd;
this is incorrect and wors only for element  of the array.
the correct code reads:
(*modary)[*nmods] = toadd;
The segfault happens later on when the modify_preop() code will try to dereference the second element of the array finding a pointer to 0.
The stack of the modify_preop is probably also compromised because the next address after the checkmods array has been changed.
Note that the servers/plugins/uiquniq/7bit.c file has the same addMod() function, but the code is correct there. Yay for code duplication :-/
52632d7..f4c6760 master -> master
Author: Rich Megginson <email@example.com>
Date: Mon Oct 18 12:47:14 2010 -0600
Reviewed by: self - one liner
Fix Description: Access the array pointer correctly
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
Seems to be a code issue in addMod().
Can I verify/Test this?
If yes, then please add the steps.
(In reply to comment #2)
> Seems to be a code issue in addMod().
> Can I verify/Test this?
> If yes, then please add the steps.
Submit a modify operation that has more than one uid value in it. For example:
the server should not crash
No crash found.