[email protected] wrote:
> Full_Name: Jan Vcelak
> Version: 2.5.25
> OS: Linux
> URL:
> ftp://ftp.openldap.org/incoming/jvcelak-20110622-ldif-split-indent-segfault-2.patch
> Submission from: (NULL) (209.132.186.34)
>
>
> Hello,
>
> An input LDIF file with split lines which are indented incorrectly causes a
> SEGFAULT of a client tool. Let me show:

Your example doesn't SEGV for me. Anyway, I've committed a different patch to master for this issue.

>
> $ cat /tmp/invalid.ldif
> dn: cn=B,dc=my-domain,
> dc=com
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: person
> objectclass: top
> cn: B
> sn: B
> uid: B
> mail: [email protected]
>
> $ ldapmodify -a -x -f /tmp/invalid.ldif -d2048
> ldif_parse_line: missing ':' after dc=com
> ldapmodify: invalid format (line 2) entry: "cn=B,dc=my-domain,"
> Segmentation fault (core dumped)
>
>
> (gdb) bt full
> #0 __strcasecmp_l_ssse3 () at ../sysdeps/x86_64/strcmp.S:214
> No locals.
> #1 0x000000000042d9f3 in ldap_parse_ldif_record_x (rbuf=0x7fffffffdbb0,
> linenum=1, lr=0x7fffffffdb30, errstr=0x7fffffffe197 "ldapmodify", flags=1,
> ctx=0x0) at ldifutil.c:399
> fv = 0
> line = 0x668627 "dc=com"
> dn = 0x668614 "cn=B,dc=my-domain,"
> rc = -9
> modop = 0
> expect_modop = 0
> expect_sep = 0
> ldapadd = 1
> new_entry = 1
> delete_entry = 0
> got_all = 0
> pmods = 0x6697e8
> version = 0
> pctrls = 0x0
> i = 1
> j = 0
> k = -1
> idn = 1
> nmods = 1
> bvl = 0x6697f8
> bv = {bv_len = 0, bv_val = 0x0}
> __PRETTY_FUNCTION__ = "ldap_parse_ldif_record_x"
> #2 0x000000000042e524 in ldap_parse_ldif_record (rbuf=0x7fffffffdbb0,
> linenum=1, lr=0x7fffffffdb30, errstr=0x7fffffffe197 "ldapmodify", flags=1) at
> ldifutil.c:565
> No locals.
> #3 0x0000000000406ff8 in process_ldif_rec (rbuf=0x668610 "dn", linenum=1) at
> ldapmodify.c:404
> lr = {lr_op = 0, lr_dn = {bv_len = 18, bv_val = 0x668614
> "cn=B,dc=my-domain,"}, lr_ctrls = 0x0, ldif_ops = {lr_mods = 0x0,
> ldif_op_rename
> = {lr_newrdn = {bv_len = 0,
> bv_val = 0x0}, lr_newsuperior = {bv_len = 0, bv_val = 0x0},
> lr_deleteoldrdn = 0}, ldif_op_ext = {lr_extop_oid = {bv_len = 0, bv_val =
> 0x0},
> lr_extop_data = {
> bv_len = 0, bv_val = 0x0}}, ldif_op_cmp = {lr_cmp_attr =
> {bv_len
> = 0, bv_val = 0x0}, lr_cmp_bvalue = {bv_len = 0, bv_val = 0x0}}}, lr_ctx =
> 0x0,
> lr_lines = 2,
> lr_lm = 0x6697d0, lr_mops = 0x0, lr_freeval = 0x6699e0 "", lr_vals
> =
> 0x669930, lr_btype = 0x669880}
> lrflags = 1
> rc = 0
> rbuf_bv = {bv_len = 0,
> bv_val = 0x66862e "objectclass: inetOrgPerson\nobjectclass:
> organizationalPerson\nobjectclass: person\nobjectclass: top\ncn: B\nsn:
> B\nuid:
> B\nmail: [email protected]\n"}
> #4 0x0000000000406cb7 in main (argc=6, argv=0x7fffffffdd98) at
> ldapmodify.c:316
> rbuf = 0x668610 "dn"
> rejbuf = 0x0
> rejfp = 0x0
> ldiffp = 0x6600a0
> ldifdummy = {fp = 0x0, prev = 0x0}
> matched_msg = 0x448790 "H\211l$\330L\211d$\340H\215-\003\060!"
> error_msg = 0x8000<Address 0x8000 out of bounds>
> rc = 0
> retval = 0
> ldifrc = 1
> len = 4491152
> i = 0
> lineno = 1
> nextline = 11
> lmax = 4119
> c = {{ldctl_oid = 0x7fe0f05<Address 0x7fe0f05 out of bounds>,
> ldctl_value = {bv_len = 5044973646, bv_val = 0x0}, ldctl_iscritical = 0
> '\000'}}
> (gdb) frame 1
> #1 0x000000000042d9f3 in ldap_parse_ldif_record_x (rbuf=0x7fffffffdbb0,
> linenum=1, lr=0x7fffffffdb30, errstr=0x7fffffffe197 "ldapmodify", flags=1,
> ctx=0x0) at ldifutil.c:399
> 399 if ( !BV_CASEMATCH( lr->lr_btype+i,&bv )) {
> (gdb) p *(lr->lr_btype+1)
> $1 = {bv_len = 0, bv_val = 0x668627 "dc=com"}
> (gdb)
>
> bv_len is set incorrectly to zero and therefore the string will be compared
> against bv, which is a "null string".
>
> I have uploaded a patch to address this issue.
>
> With the patch applied, the output is as follows:
>
> ./ldapmodify -a -x -f /tmp/invalid.ldif -d2048
> ldif_parse_line: missing ':' after dc=com
> ldapmodify: invalid format (line 2) entry: "cn=B,dc=my-domain,"
>
>

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
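
The failure mode in the report above, reduced to a defensive parser sketch (an added example, not OpenLDAP code and not the patch that was committed): a line without ':' leaves both outputs zeroed and aborts the record, so no later comparison sees a half-filled entry. The struct lv type, split_line, parse_record and the sample records are hypothetical, and the malformed sample assumes the continuation line has no leading space.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical length+pointer string (a stand-in, not OpenLDAP's struct berval). */
struct lv { size_t len; const char *val; };

/* Split "type: value". Returns -1 with both outputs zeroed when ':' is missing. */
int split_line(const char *line, struct lv *type, struct lv *value)
{
    const char *colon = strchr(line, ':');
    type->len = value->len = 0;
    type->val = value->val = NULL;
    if (!colon || colon == line) return -1;
    type->val = line;
    type->len = (size_t)(colon - line);
    colon += 1 + strspn(colon + 1, " ");   /* skip ':' and following spaces */
    value->val = colon;
    value->len = strlen(colon);
    return 0;
}

/* Parse one record in place. Returns the attribute count, or -(logical line
 * number) of the first malformed line; nothing after that line is parsed. */
int parse_record(char *rec, struct lv *types, struct lv *vals, int max)
{
    char *r = rec, *w = rec, *line, *nl;
    int n = 0;
    while (*r) {                 /* unfold: "\n " continues the previous line */
        if (r[0] == '\n' && r[1] == ' ') { r += 2; continue; }
        *w++ = *r++;
    }
    *w = '\0';
    for (line = rec; *line && n < max; line = nl + 1) {
        nl = strchr(line, '\n');
        if (nl) *nl = '\0';
        if (split_line(line, &types[n], &vals[n]) != 0) return -(n + 1);
        n++;
        if (!nl) break;
    }
    return n;
}

int main(void)
{
    /* Constructed samples: the second omits the space that marks a continuation. */
    char good[] = "dn: cn=B,dc=my-domain,\n dc=com\ncn: B\n";
    char bad[]  = "dn: cn=B,dc=my-domain,\ndc=com\ncn: B\n";
    struct lv t[4], v[4];
    return (parse_record(good, t, v, 4) == 2 && parse_record(bad, t, v, 4) == -2) ? 0 : 1;
}
```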
