Re: [Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN
On 4.3.2015 15:26, Tomas Hozza wrote: > On 02/24/2015 03:01 PM, Petr Spacek wrote: >> > Hello, >> > >> > On 18.2.2015 10:36, Tomas Hozza wrote: >>> > > On 12/16/2014 04:32 PM, Petr Spacek wrote: > >> Hello, > >> > >> Fix crash triggered by zone objects with unexpected DN. > >> > >> https://fedorahosted.org/bind-dyndb-ldap/ticket/148 > >> >>> > > NACK. >>> > > >>> > > The patch seems to make no difference when using the reproducer from >>> > > ticket 148 >>> > > >>> > > 18-Feb-2015 10:34:09.067 running >>> > > 18-Feb-2015 10:34:09.139 ldap_helper.c:4876: INSIST(task == inst->task) >>> > > failed, back trace >>> > > 18-Feb-2015 10:34:09.139 #0 0x55587a80 in ?? >>> > > 18-Feb-2015 10:34:09.139 #1 0x7620781a in ?? >>> > > 18-Feb-2015 10:34:09.139 #2 0x720b00b2 in ?? >>> > > 18-Feb-2015 10:34:09.140 #3 0x71e7ccf9 in ?? >>> > > 18-Feb-2015 10:34:09.140 #4 0x71e7d992 in ?? >>> > > 18-Feb-2015 10:34:09.140 #5 0x720a7f3b in ?? >>> > > 18-Feb-2015 10:34:09.140 #6 0x75dda52a in ?? >>> > > 18-Feb-2015 10:34:09.140 #7 0x7508d79d in ?? >>> > > 18-Feb-2015 10:34:09.140 exiting (due to assertion failure) >>> > > >>> > > Program received signal SIGABRT, Aborted. >>> > > [Switching to Thread 0x7fffea7cd700 (LWP 1719)] >>> > > 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at >>> > > ../sysdeps/unix/sysv/linux/raise.c:55 >>> > > 55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); >>> > > Missing separate debuginfos, use: debuginfo-install >>> > > cyrus-sasl-gssapi-2.1.26-19.fc21.x86_64 >>> > > cyrus-sasl-lib-2.1.26-19.fc21.x86_64 >>> > > cyrus-sasl-md5-2.1.26-19.fc21.x86_64 >>> > > cyrus-sasl-plain-2.1.26-19.fc21.x86_64 gssproxy-0.3.1-4.fc21.x86_64 >>> > > keyutils-libs-1.5.9-4.fc21.x86_64 libattr-2.4.47-9.fc21.x86_64 >>> > > libdb-5.3.28-9.fc21.x86_64 libgcc-4.9.2-6.fc21.x86_64 >>> > > libselinux-2.3-5.fc21.x86_64 nspr-4.10.8-1.fc21.x86_64 >>> > > nss-3.17.4-1.fc21.x86_64 nss-softokn-freebl-3.17.4-1.fc21.x86_64 >>> > > nss-util-3.17.4-1.fc21.x86_64 pcre-8.35-8.fc21.x86_64 >>> > > sssd-client-1.12.3-4.fc21.x86_64 xz-libs-5.1.2-14alpha.fc21.x86_64 >>> > > (gdb) bt >>> > > #0 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at >>> > > ../sysdeps/unix/sysv/linux/raise.c:55 >>> > > #1 0x74fc352a in __GI_abort () at abort.c:89 >>> > > #2 0x55587c29 in assertion_failed (file=, >>> > > line=, type=, cond=) at >>> > > ./main.c:220 >>> > > #3 0x7620781a in isc_assertion_failed >>> > > (file=file@entry=0x720bad2a "ldap_helper.c", line=line@entry=4876, >>> > > type=type@entry=isc_assertiontype_insist, >>> > > cond=cond@entry=0x720baf04 "task == inst->task") at >>> > > assertions.c:57 >>> > > #4 0x720b00b2 in syncrepl_update (chgtype=1, >>> > > entry=0x70125590, inst=0x77fa3160) at ldap_helper.c:4876 >>> > > #5 ldap_sync_search_entry (ls=, msg=, >>> > > entryUUID=, phase=LDAP_SYNC_CAPI_ADD) at >>> > > ldap_helper.c:5031 >>> > > #6 0x71e7ccf9 in ldap_sync_search_entry >>> > > (ls=ls@entry=0x7fffe40008c0, res=0x7fffe4003870) at ldap_sync.c:228 >>> > > #7 0x71e7d992 in ldap_sync_init (ls=0x7fffe40008c0, >>> > > mode=mode@entry=3) at ldap_sync.c:792 >>> > > #8 0x720a7f3b in ldap_syncrepl_watcher (arg=0x77fa3160) at >>> > > ldap_helper.c:5247 >>> > > #9 0x75dda52a in start_thread (arg=0x7fffea7cd700) at >>> > > pthread_create.c:310 >>> > > #10 0x7508d79d in clone () at >>> > > ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 >> > >> > Thank you for catching this! I was using slightly different test which >> > triggered the new code but by using different code path. >> > >> > This new version should be more robust. Please re-test it, thank you! >> > > ACK for version 2. Thank, pushed to master: 9d2160ead48d64b6943cb4f0e7ec0feddd82dbc5 -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN
On 02/24/2015 03:01 PM, Petr Spacek wrote: > Hello, > > On 18.2.2015 10:36, Tomas Hozza wrote: > > On 12/16/2014 04:32 PM, Petr Spacek wrote: > >> Hello, > >> > >> Fix crash triggered by zone objects with unexpected DN. > >> > >> https://fedorahosted.org/bind-dyndb-ldap/ticket/148 > >> > > NACK. > > > > The patch seems to make no difference when using the reproducer from ticket > > 148 > > > > 18-Feb-2015 10:34:09.067 running > > 18-Feb-2015 10:34:09.139 ldap_helper.c:4876: INSIST(task == inst->task) > > failed, back trace > > 18-Feb-2015 10:34:09.139 #0 0x55587a80 in ?? > > 18-Feb-2015 10:34:09.139 #1 0x7620781a in ?? > > 18-Feb-2015 10:34:09.139 #2 0x720b00b2 in ?? > > 18-Feb-2015 10:34:09.140 #3 0x71e7ccf9 in ?? > > 18-Feb-2015 10:34:09.140 #4 0x71e7d992 in ?? > > 18-Feb-2015 10:34:09.140 #5 0x720a7f3b in ?? > > 18-Feb-2015 10:34:09.140 #6 0x75dda52a in ?? > > 18-Feb-2015 10:34:09.140 #7 0x7508d79d in ?? > > 18-Feb-2015 10:34:09.140 exiting (due to assertion failure) > > > > Program received signal SIGABRT, Aborted. > > [Switching to Thread 0x7fffea7cd700 (LWP 1719)] > > 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at > > ../sysdeps/unix/sysv/linux/raise.c:55 > > 55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); > > Missing separate debuginfos, use: debuginfo-install > > cyrus-sasl-gssapi-2.1.26-19.fc21.x86_64 > > cyrus-sasl-lib-2.1.26-19.fc21.x86_64 cyrus-sasl-md5-2.1.26-19.fc21.x86_64 > > cyrus-sasl-plain-2.1.26-19.fc21.x86_64 gssproxy-0.3.1-4.fc21.x86_64 > > keyutils-libs-1.5.9-4.fc21.x86_64 libattr-2.4.47-9.fc21.x86_64 > > libdb-5.3.28-9.fc21.x86_64 libgcc-4.9.2-6.fc21.x86_64 > > libselinux-2.3-5.fc21.x86_64 nspr-4.10.8-1.fc21.x86_64 > > nss-3.17.4-1.fc21.x86_64 nss-softokn-freebl-3.17.4-1.fc21.x86_64 > > nss-util-3.17.4-1.fc21.x86_64 pcre-8.35-8.fc21.x86_64 > > sssd-client-1.12.3-4.fc21.x86_64 xz-libs-5.1.2-14alpha.fc21.x86_64 > > (gdb) bt > > #0 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at > > ../sysdeps/unix/sysv/linux/raise.c:55 > > #1 0x74fc352a in __GI_abort () at abort.c:89 > > #2 0x55587c29 in assertion_failed (file=, > > line=, type=, cond=) at > > ./main.c:220 > > #3 0x7620781a in isc_assertion_failed > > (file=file@entry=0x720bad2a "ldap_helper.c", line=line@entry=4876, > > type=type@entry=isc_assertiontype_insist, > > cond=cond@entry=0x720baf04 "task == inst->task") at assertions.c:57 > > #4 0x720b00b2 in syncrepl_update (chgtype=1, entry=0x70125590, > > inst=0x77fa3160) at ldap_helper.c:4876 > > #5 ldap_sync_search_entry (ls=, msg=, > > entryUUID=, phase=LDAP_SYNC_CAPI_ADD) at ldap_helper.c:5031 > > #6 0x71e7ccf9 in ldap_sync_search_entry > > (ls=ls@entry=0x7fffe40008c0, res=0x7fffe4003870) at ldap_sync.c:228 > > #7 0x71e7d992 in ldap_sync_init (ls=0x7fffe40008c0, > > mode=mode@entry=3) at ldap_sync.c:792 > > #8 0x720a7f3b in ldap_syncrepl_watcher (arg=0x77fa3160) at > > ldap_helper.c:5247 > > #9 0x75dda52a in start_thread (arg=0x7fffea7cd700) at > > pthread_create.c:310 > > #10 0x7508d79d in clone () at > > ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 > > Thank you for catching this! I was using slightly different test which > triggered the new code but by using different code path. > > This new version should be more robust. Please re-test it, thank you! > ACK for version 2. No crash during testing ;) Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN
Hello,
On 18.2.2015 10:36, Tomas Hozza wrote:
> On 12/16/2014 04:32 PM, Petr Spacek wrote:
>> Hello,
>>
>> Fix crash triggered by zone objects with unexpected DN.
>>
>> https://fedorahosted.org/bind-dyndb-ldap/ticket/148
>>
> NACK.
>
> The patch seems to make no difference when using the reproducer from ticket
> 148
>
> 18-Feb-2015 10:34:09.067 running
> 18-Feb-2015 10:34:09.139 ldap_helper.c:4876: INSIST(task == inst->task)
> failed, back trace
> 18-Feb-2015 10:34:09.139 #0 0x55587a80 in ??
> 18-Feb-2015 10:34:09.139 #1 0x7620781a in ??
> 18-Feb-2015 10:34:09.139 #2 0x720b00b2 in ??
> 18-Feb-2015 10:34:09.140 #3 0x71e7ccf9 in ??
> 18-Feb-2015 10:34:09.140 #4 0x71e7d992 in ??
> 18-Feb-2015 10:34:09.140 #5 0x720a7f3b in ??
> 18-Feb-2015 10:34:09.140 #6 0x75dda52a in ??
> 18-Feb-2015 10:34:09.140 #7 0x7508d79d in ??
> 18-Feb-2015 10:34:09.140 exiting (due to assertion failure)
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0x7fffea7cd700 (LWP 1719)]
> 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at
> ../sysdeps/unix/sysv/linux/raise.c:55
> 55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
> Missing separate debuginfos, use: debuginfo-install
> cyrus-sasl-gssapi-2.1.26-19.fc21.x86_64 cyrus-sasl-lib-2.1.26-19.fc21.x86_64
> cyrus-sasl-md5-2.1.26-19.fc21.x86_64 cyrus-sasl-plain-2.1.26-19.fc21.x86_64
> gssproxy-0.3.1-4.fc21.x86_64 keyutils-libs-1.5.9-4.fc21.x86_64
> libattr-2.4.47-9.fc21.x86_64 libdb-5.3.28-9.fc21.x86_64
> libgcc-4.9.2-6.fc21.x86_64 libselinux-2.3-5.fc21.x86_64
> nspr-4.10.8-1.fc21.x86_64 nss-3.17.4-1.fc21.x86_64
> nss-softokn-freebl-3.17.4-1.fc21.x86_64 nss-util-3.17.4-1.fc21.x86_64
> pcre-8.35-8.fc21.x86_64 sssd-client-1.12.3-4.fc21.x86_64
> xz-libs-5.1.2-14alpha.fc21.x86_64
> (gdb) bt
> #0 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at
> ../sysdeps/unix/sysv/linux/raise.c:55
> #1 0x74fc352a in __GI_abort () at abort.c:89
> #2 0x55587c29 in assertion_failed (file=,
> line=, type=, cond=) at
> ./main.c:220
> #3 0x7620781a in isc_assertion_failed
> (file=file@entry=0x720bad2a "ldap_helper.c", line=line@entry=4876,
> type=type@entry=isc_assertiontype_insist,
> cond=cond@entry=0x720baf04 "task == inst->task") at assertions.c:57
> #4 0x720b00b2 in syncrepl_update (chgtype=1, entry=0x70125590,
> inst=0x77fa3160) at ldap_helper.c:4876
> #5 ldap_sync_search_entry (ls=, msg=,
> entryUUID=, phase=LDAP_SYNC_CAPI_ADD) at ldap_helper.c:5031
> #6 0x71e7ccf9 in ldap_sync_search_entry (ls=ls@entry=0x7fffe40008c0,
> res=0x7fffe4003870) at ldap_sync.c:228
> #7 0x71e7d992 in ldap_sync_init (ls=0x7fffe40008c0,
> mode=mode@entry=3) at ldap_sync.c:792
> #8 0x720a7f3b in ldap_syncrepl_watcher (arg=0x77fa3160) at
> ldap_helper.c:5247
> #9 0x75dda52a in start_thread (arg=0x7fffea7cd700) at
> pthread_create.c:310
> #10 0x7508d79d in clone () at
> ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thank you for catching this! I was using slightly different test which
triggered the new code but by using different code path.
This new version should be more robust. Please re-test it, thank you!
--
Petr^2 Spacek
From bfe9f7767ed86cdd562b36b801ce3ee6e6f2063b Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Tue, 24 Feb 2015 14:45:42 +0100
Subject: [PATCH] Fix crash triggered by zone objects with unexpected DN.
https://fedorahosted.org/bind-dyndb-ldap/ticket/148
---
src/ldap_convert.c | 24
src/ldap_convert.h | 4
src/ldap_helper.c | 3 +++
3 files changed, 31 insertions(+)
diff --git a/src/ldap_convert.c b/src/ldap_convert.c
index b51d402492415d6630a42435b823925c8246a06f..dde10d6e989159e9f6f5086a4a12bbd165b73646 100644
--- a/src/ldap_convert.c
+++ b/src/ldap_convert.c
@@ -193,6 +193,30 @@ cleanup:
}
/**
+ * Evaluate if DN has/does not have expected format with one or two components
+ * and error out if a mismatch is detected.
+ *
+ * @param[in] prefix Prefix for error messages, usually a function name.
+ * @param[in] dn
+ * @param[in] dniszoneBoolean returned by dn_to_dnsname for given DN.
+ * @param[in] classiszone ISC_TRUE if DN should be a zone, ISC_FALSE otherwise.
+ * @retval ISC_R_SUCCESS or ISC_R_UNEXPECTED if values do not match.
+ */
+isc_result_t
+dn_want_zone(const char * const prefix, const char * const dn,
+ isc_boolean_t dniszone, isc_boolean_t classiszone) {
+ if (dniszone != classiszone) {
+ log_error("%s: object '%s' does%s have a zone object class "
+ "but DN format suggests that it is%s a zone",
+ prefix, dn, classiszone ? "" : " not",
+ dniszone ? "" : " not");
+ return ISC_R_UNEXPECTED;
+ }
+
+ return ISC_R_SUCCESS;
+}
+
+/**
* WARNING! This function is used to mangle input from network
* and it is security sensitive.
*
diff --git a/src/ldap_convert.h b/src/ldap_convert.h
index f0b09262dbbe588c5c12b074242a9f7db43618
Re: [Freeipa-devel] [PATCH 0316] Fix crash triggered by zone objects with unexpected DN
On 12/16/2014 04:32 PM, Petr Spacek wrote: > Hello, > > Fix crash triggered by zone objects with unexpected DN. > > https://fedorahosted.org/bind-dyndb-ldap/ticket/148 > NACK. The patch seems to make no difference when using the reproducer from ticket 148 18-Feb-2015 10:34:09.067 running 18-Feb-2015 10:34:09.139 ldap_helper.c:4876: INSIST(task == inst->task) failed, back trace 18-Feb-2015 10:34:09.139 #0 0x55587a80 in ?? 18-Feb-2015 10:34:09.139 #1 0x7620781a in ?? 18-Feb-2015 10:34:09.139 #2 0x720b00b2 in ?? 18-Feb-2015 10:34:09.140 #3 0x71e7ccf9 in ?? 18-Feb-2015 10:34:09.140 #4 0x71e7d992 in ?? 18-Feb-2015 10:34:09.140 #5 0x720a7f3b in ?? 18-Feb-2015 10:34:09.140 #6 0x75dda52a in ?? 18-Feb-2015 10:34:09.140 #7 0x7508d79d in ?? 18-Feb-2015 10:34:09.140 exiting (due to assertion failure) Program received signal SIGABRT, Aborted. [Switching to Thread 0x7fffea7cd700 (LWP 1719)] 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55 55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); Missing separate debuginfos, use: debuginfo-install cyrus-sasl-gssapi-2.1.26-19.fc21.x86_64 cyrus-sasl-lib-2.1.26-19.fc21.x86_64 cyrus-sasl-md5-2.1.26-19.fc21.x86_64 cyrus-sasl-plain-2.1.26-19.fc21.x86_64 gssproxy-0.3.1-4.fc21.x86_64 keyutils-libs-1.5.9-4.fc21.x86_64 libattr-2.4.47-9.fc21.x86_64 libdb-5.3.28-9.fc21.x86_64 libgcc-4.9.2-6.fc21.x86_64 libselinux-2.3-5.fc21.x86_64 nspr-4.10.8-1.fc21.x86_64 nss-3.17.4-1.fc21.x86_64 nss-softokn-freebl-3.17.4-1.fc21.x86_64 nss-util-3.17.4-1.fc21.x86_64 pcre-8.35-8.fc21.x86_64 sssd-client-1.12.3-4.fc21.x86_64 xz-libs-5.1.2-14alpha.fc21.x86_64 (gdb) bt #0 0x74fc18c7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55 #1 0x74fc352a in __GI_abort () at abort.c:89 #2 0x55587c29 in assertion_failed (file=, line=, type=, cond=) at ./main.c:220 #3 0x7620781a in isc_assertion_failed (file=file@entry=0x720bad2a "ldap_helper.c", line=line@entry=4876, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x720baf04 "task == inst->task") at assertions.c:57 #4 0x720b00b2 in syncrepl_update (chgtype=1, entry=0x70125590, inst=0x77fa3160) at ldap_helper.c:4876 #5 ldap_sync_search_entry (ls=, msg=, entryUUID=, phase=LDAP_SYNC_CAPI_ADD) at ldap_helper.c:5031 #6 0x71e7ccf9 in ldap_sync_search_entry (ls=ls@entry=0x7fffe40008c0, res=0x7fffe4003870) at ldap_sync.c:228 #7 0x71e7d992 in ldap_sync_init (ls=0x7fffe40008c0, mode=mode@entry=3) at ldap_sync.c:792 #8 0x720a7f3b in ldap_syncrepl_watcher (arg=0x77fa3160) at ldap_helper.c:5247 #9 0x75dda52a in start_thread (arg=0x7fffea7cd700) at pthread_create.c:310 #10 0x7508d79d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
