Bug 679542 - empty modify operation with repl on or lastmod off will crash server
Summary: empty modify operation with repl on or lastmod off will crash server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 675320
Blocks: 639035 389_1.2.8 CVE-2011-0704
TreeView+ depends on / blocked
 
Reported: 2011-02-22 19:50 UTC by Rich Megginson
Modified: 2015-01-04 23:46 UTC (History)
6 users (show)

Fixed In Version: 389-ds-base-1.2.8-0.3.a3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 675320
Environment:
Last Closed: 2011-05-19 12:42:00 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2011:0533 0 normal SHIPPED_LIVE new package: 389-ds-base 2011-05-18 17:57:44 UTC

Comment 1 Rich Megginson 2011-02-24 02:35:40 UTC 
Vincent, can you remove the Security Sensitive Bug check?  It is preventing me from checking into CVS.
Comment 2 Vincent Danen 2011-02-24 16:11:00 UTC 
Seems that Huzaifa already did that, so you should be ok now.
Comment 5 Amita Sharma 2011-03-31 10:42:46 UTC 
Hi, 

I am testing this bug to verify the fix.
I have 389, 1.2.8 and executed below steps :


1) You have to have a client capable of sending an empty modify request -
mozldap ldapmodify will not let you do this, but openldap ldapmodify will:

# /usr/bin/ldapmodify -x <<EOF
dn:

EOF

It will warn, but allow the modify through.

<Amita>
[root@amsharma reslimit]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd << EOF
dn:

EOF
modifying entry ""
</Amita>

2) You have to be using a server built with mozldap - servers built with
openldap will return an LDAP error when receiving an empty modify request

<Amita>
Sorry, I could not do this as mozldap is deprecated. 
</Amita>

3) Either the modify operation is replicated, or the server has set cn=config
nsslapd-lastmod: off

<Amita>
[root@amsharma reslimit]# ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd -b "cn=config" | grep nsslapd-lastmod
nsslapd-lastmod: on
[root@amsharma reslimit]# ldapmodify -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-lastmod
> nsslapd-lastmod: off
> EOF
modifying entry "cn=config"

[root@amsharma reslimit]# ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w pwd -b "cn=config" | grep nsslapd-lastmod
nsslapd-lastmod: off
[root@amsharma reslimit]#
</Amita>

If these conditions are met, the empty modify operation will crash the server.

<Amita>
Server was up and running, no crash found.
I am putting this bug as VERIFIED, please revert in case of any more actions required.
</Amita>
Comment 6 errata-xmlrpc 2011-05-19 12:42:00 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0533.html
Note You need to log in before you can comment on or make changes to this bug.