Full_Name: Pierangelo Masarati
Version: re24
OS: CentOS 5.2 on i386
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.237.142.6)
Submitted by: ando


While chasing referrals (-C) to non-responding hosts (see also ITS#5742,
unrelated but same scenario), I got the following:

#0  0x0084b402 in __kernel_vsyscall ()
#1  0x00c9ad20 in raise () from /lib/libc.so.6
#2  0x00c9c631 in abort () from /lib/libc.so.6
#3  0x00c9416b in __assert_fail () from /lib/libc.so.6
#4  0x0807e58b in ber_sockbuf_ctrl (sb=0x0, opt=19658, arg=0x0) at sockbuf.c:88
#5  0x0805672a in try_read1msg (ld=0x90502a8, msgid=8, all=1, lcp=0xbf8957c8, 
    result=0xbf895820) at result.c:1190
#6  0x08057952 in ldap_result (ld=0x90502a8, msgid=8, all=1, 
    timeout=0xbf895810, result=0xbf895820) at result.c:402
#7  0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895904, 
    use_ldsb=0, connect=1, bind=0xbf8958f0) at request.c:501
#8  0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905ab20, 
    msgid=7, parentreq=0x90594d8, srvlist=0xbf895904, lc=0x0, bind=0xbf8958f0)
    at request.c:207
#9  0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, 
    refs=0x905aa50, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895a1c)
    at request.c:1139
#10 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=6, all=1, lcp=0xbf895a88, 
    result=0xbf895ae0) at result.c:729
#11 0x08057952 in ldap_result (ld=0x90502a8, msgid=6, all=1, 
    timeout=0xbf895ad0, result=0xbf895ae0) at result.c:402
#12 0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895bc4, 
    use_ldsb=0, connect=1, bind=0xbf895bb0) at request.c:501
#13 0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905b7f8, 
    msgid=5, parentreq=0x90594d8, srvlist=0xbf895bc4, lc=0x0, bind=0xbf895bb0)
    at request.c:207
#14 0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, 
    refs=0x905a8f0, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895cdc)
    at request.c:1139
#15 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=-1, all=0, lcp=0xbf895d48, 
    result=0xbf895ff8) at result.c:729
#16 0x08057952 in ldap_result (ld=0x90502a8, msgid=-1, all=0, timeout=0x0, 
    result=0xbf895ff8) at result.c:402
#17 0x0804b362 in dosearch (ld=0x90502a8, base=0x904f180 "dc=ericsson,dc=com", 
    scope=2, filtpatt=0x0, value=0x10 <Address 0x10 out of bounds>, attrs=0x0, 
    attrsonly=0, sctrls=0x0, cctrls=0x0, timeout=0x0, sizelimit=-1)
    at ldapsearch.c:1198
#18 0x0804d3ce in main (argc=Cannot access memory at address 0x4cca
) at ldapsearch.c:1031

Frame #4 clearly shows that ber_sockbuf_ctrl() is passed a null sb, which is
lc->lconn_sb.  I could not track, right now, where that pointer was zeroed out. 
I have binary and core available, if anything is needed.  What I'm missing right
now is time and connectivity (via ssh, and most of the time via http).

p.