Bug 716858 - ldapadd crashes on x86_64 with specific ldifs
Summary: ldapadd crashes on x86_64 with specific ldifs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: 15
Hardware: x86_64
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jan Vcelak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 698921
Blocks:
Reported: 2011-06-27 09:22 UTC by Jan Vcelak
Modified: 2013-03-04 01:29 UTC

Fixed In Version: openldap-2.4.24-3.fc15
Clone Of: 698921
Environment:
Last Closed: 2011-07-18 22:33:43 UTC
Type: ---
Embargoed:

Description Jan Vcelak 2011-06-27 09:22:19 UTC
+++ This bug was initially created as a clone of Bug #698921 +++

Created attachment 494151 [details]
Base data without a new line at the end, no crash.

Description of a problem:

Client tool ldapadd crashed (or hung) with specific ldifs (attached dataB.ldif, dataA.ldif). It is caused by no new line at the end of these ldifs; if you add a new line at the end, ldapadd will not crash. The curious thing here is that ldapadd does not need a new line in an ldif file in general (attached base.ldif), but if it is missing in a certain ldif, it will cause a crash.

It is not hard to see that there is not

Version-Release number of selected component (if applicable):

openldap-2.4.19-15.el6_0.2
openldap-2.4.23-15.el6

How reproducible:

Always on x86_64, never on the other archs (i386, s390x, ppc64).

Steps to Reproduce:

1.  Start slapd service using attached slapd.conf.

2A. ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w x -f base.ldif
    ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w x -f dataB.ldif

2B. ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w x -f dataA.ldif

  
Actual results:

2A.

adding new entry "dc=my-domain, dc=com"

adding new entry "cn=B,dc=my-domain,dc=com"

*** glibc detected *** ldapadd: munmap_chunk(): invalid pointer: 0x00000000023a3018 ***
======= Backtrace: =========
/lib64/libc.so.6[0x36e0875716]
ldapadd[0x404364]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x36e081ec9d]
ldapadd[0x403759]
reproducer.sh: line 10: 26554 Aborted                 (core dumped) ldapadd -H ldap:// -D cn=Manager,dc=my-domain,dc=com -x -w

2B.

adding new entry "dc=my-domain, dc=com"

*** glibc detected *** ldapadd: malloc(): memory corruption: 0x00000000023cde60 ***
(hang)

Expected results:

No crashes, no hangs, users are added correctly.

--- Additional comment from omoris on 2011-04-22 11:50:26 CEST ---

Created attachment 494152 [details]
User and base data without a new line at the end, crash.

--- Additional comment from omoris on 2011-04-22 11:51:19 CEST ---

Created attachment 494153 [details]
Base data without a new line at the end, no crash.

--- Additional comment from omoris on 2011-04-22 11:51:58 CEST ---

Created attachment 494154 [details]
User data without a new line at the end, crash.

--- Additional comment from jvcelak on 2011-05-19 15:23:41 CEST ---

Created attachment 499839 [details]
proposed patch

--- Additional comment from jvcelak on 2011-05-19 19:26:41 CEST ---

Upstream report was created:
http://www.openldap.org/its/index.cgi?findid=6947

--- Additional comment from jvcelak on 2011-06-20 17:38:06 CEST ---

Created attachment 505650 [details]
proposed patch (second version)

The previous patch was rejected by upstream, because a glibc-specific function was used. Attaching another (and better) version.
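
Added example (not part of the original report and not openldap code): a shell pre-flight check that applies the workaround stated in the description, finding LDIF files that lack a final newline and appending one before they are passed to an unpatched ldapadd. The function names ldif_ends_with_newline and ldif_fix_newlines and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report or from openldap.
# Function names are hypothetical.

# Exit status: 0 = file ends with a newline, 1 = it does not,
# 2 = not a readable, non-empty regular file (nothing for ldapadd to load).
ldif_ends_with_newline() {
    [ -f "$1" ] && [ -r "$1" ] && [ -s "$1" ] || return 2
    # $(...) strips a trailing newline, so a final "\n" byte leaves "".
    [ -z "$(tail -c 1 -- "$1")" ]
}

# Append the missing newline to each file that needs one and print
# "fixed: <file>" for it. Files already ending with a newline are untouched.
ldif_fix_newlines() {
    for f in "$@"; do
        # Capture the status without tripping "set -e" in a calling script.
        ldif_ends_with_newline "$f" && rc=0 || rc=$?
        case "$rc" in
            0) ;;
            1) printf '\n' >> "$f" && echo "fixed: $f" ;;
            *) echo "skipped (empty or unreadable): $f" >&2 ;;
        esac
    done
}

# Usage: sh ldif-newline.sh base.ldif dataA.ldif dataB.ldif
[ "$#" -eq 0 ] || ldif_fix_newlines "$@"
```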

Comment 1 Jan Vcelak 2011-06-27 17:30:13 UTC
(This issue is resolved in Rawhide with openldap-2.4.25-1.fc16.)

Comment 2 Jan Vcelak 2011-06-28 10:42:34 UTC
Fixed in openldap-2.4.24-3.fc15

Comment 3 Fedora Update System 2011-06-28 10:45:00 UTC
openldap-2.4.24-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openldap-2.4.24-3.fc15

Comment 4 Fedora Update System 2011-06-28 20:28:23 UTC
Package openldap-2.4.24-3.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openldap-2.4.24-3.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/openldap-2.4.24-3.fc15
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2011-07-18 22:33:12 UTC
openldap-2.4.24-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
