** Description changed: When I try to remove certain entries from OpenLDAP, slapd crashes with a segmentation fault, when using the mdb backend. When I looked at the backtrace, it appeared to be this issue: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7174 which is fixed in later versions of Ubuntu (it was fixed in OpenLDAP 2.4.30), but not in precise. It was fixed upstream in this commit: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=92ed65d298e47822b9e3ed7d4f9d8b938bf8b780 The bug occurred on a production server (where the bug first occurred) and in a VM using a dump of that server's directory. I've downloaded the source package, applied Ubuntu-specific patches and the above patch, and the bug does seem to be absent from the compiled result. + [Impact] + When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and + any attempt to do so crashes slapd. + [Test Case] 1. Install OpenLDAP (apt-get install slapd ldap-utils) 2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install) 3. Run "ldapdelete -x -D cn=admin,dc=example,dc=com -w test -H ldap:/// 'uid=johndoe,dc=example,dc=com'" 4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing. - Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted. + + [Regression Potential] + The fix introduces new variables local in function scope. It also removes the side effects + caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream. ProblemType: Crash DistroRelease: Ubuntu 12.04 Package: slapd 2.4.28-1.1ubuntu4.3 ProcVersionSignature: Ubuntu 3.5.0-23.35~precise1-generic 3.5.7.2 Uname: Linux 3.5.0-23-generic x86_64 ApportVersion: 2.0.1-0ubuntu17.4 Architecture: amd64 Date: Sun Aug 25 18:59:12 2013 ExecutablePath: /usr/sbin/slapd InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214) MarkForUpload: True ProcCmdline: /usr/sbin/slapd -h ldap:///\ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.utf8 SegvAnalysis: Segfault happened at: 0x7f208d8ea3b2 <lutil_str2bin+290>: movb $0x0,0x0(%rbp) PC (0x7f208d8ea3b2) ok source "$0x0" ok destination "0x0(%rbp)" (0x7f0c879633d3) in non-writable VMA region: 0x7f0c871b5000-0x7f20871b5000 r--s /var/lib/ldap/data.mdb Stack memory exhausted (SP below stack segment) SegvReason: writing VMA /var/lib/ldap/data.mdb Signal: 11 SourcePackage: openldap StacktraceTop: lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../../../libraries/liblutil/utils.c:812 integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../../../servers/slapd/schema_init.c:2545 integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=0x7f0c70001bb8, keysp=0x7f0c76ffd570, ctx=0x7f0c70000ea0) at ../../../../servers/slapd/schema_init.c:2634 indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=0x7f208f9657b8, vals=0x7f0c70001bb8, id=4103, opid=2, mask=4, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:211 index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f965750, tags=0x7f208f965900, vals=0x7f0c70001bb8, id=4103, opid=2, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:337 Title: slapd crashed with SIGSEGV in lutil_str2bin() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups:
** Description changed: + [Impact] + When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and + any attempt to do so crashes slapd with a segmentation fault. + + [Test Case] + 1. Install OpenLDAP (apt-get install slapd ldap-utils) + 2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install) + 3. Run "ldapdelete -x -D cn=admin,dc=example,dc=com -w test -H ldap:/// 'uid=johndoe,dc=example,dc=com'" + 4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing. + - Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted. + + [Regression Potential] + The fix introduces new variables local in function scope. It also removes the side effects + caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream. + + [Other Info] + When I try to remove certain entries from OpenLDAP, slapd crashes with a segmentation fault, when using the mdb backend. When I looked at the backtrace, it appeared to be this issue: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7174 which is fixed in later versions of Ubuntu (it was fixed in OpenLDAP 2.4.30), but not in precise. It was fixed upstream in this commit: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=92ed65d298e47822b9e3ed7d4f9d8b938bf8b780 The bug occurred on a production server (where the bug first occurred) and in a VM using a dump of that server's directory. I've downloaded the source package, applied Ubuntu-specific patches and the above patch, and the bug does seem to be absent from the compiled result. - - [Impact] - When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and - any attempt to do so crashes slapd. - - [Test Case] - 1. Install OpenLDAP (apt-get install slapd ldap-utils) - 2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install) - 3. Run "ldapdelete -x -D cn=admin,dc=example,dc=com -w test -H ldap:/// 'uid=johndoe,dc=example,dc=com'" - 4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing. - - Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted. - - [Regression Potential] - The fix introduces new variables local in function scope. It also removes the side effects - caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream. ProblemType: Crash DistroRelease: Ubuntu 12.04 Package: slapd 2.4.28-1.1ubuntu4.3 ProcVersionSignature: Ubuntu 3.5.0-23.35~precise1-generic 3.5.7.2 Uname: Linux 3.5.0-23-generic x86_64 ApportVersion: 2.0.1-0ubuntu17.4 Architecture: amd64 Date: Sun Aug 25 18:59:12 2013 ExecutablePath: /usr/sbin/slapd InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214) MarkForUpload: True ProcCmdline: /usr/sbin/slapd -h ldap:///\ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.utf8 SegvAnalysis: Segfault happened at: 0x7f208d8ea3b2 <lutil_str2bin+290>: movb $0x0,0x0(%rbp) PC (0x7f208d8ea3b2) ok source "$0x0" ok destination "0x0(%rbp)" (0x7f0c879633d3) in non-writable VMA region: 0x7f0c871b5000-0x7f20871b5000 r--s /var/lib/ldap/data.mdb Stack memory exhausted (SP below stack segment) SegvReason: writing VMA /var/lib/ldap/data.mdb Signal: 11 SourcePackage: openldap StacktraceTop: lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../../../libraries/liblutil/utils.c:812 integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../../../servers/slapd/schema_init.c:2545 integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=0x7f0c70001bb8, keysp=0x7f0c76ffd570, ctx=0x7f0c70000ea0) at ../../../../servers/slapd/schema_init.c:2634 indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=0x7f208f9657b8, vals=0x7f0c70001bb8, id=4103, opid=2, mask=4, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:211 index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f965750, tags=0x7f208f965900, vals=0x7f0c70001bb8, id=4103, opid=2, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:337 Title: slapd crashed with SIGSEGV in lutil_str2bin() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: ** Description changed: [Impact] When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and any attempt to do so crashes slapd with a segmentation fault. [Test Case] 1. Install OpenLDAP (apt-get install slapd ldap-utils) 2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install) 3. Run "ldapdelete -x -D cn=admin,dc=example,dc=com -w test -H ldap:/// 'uid=johndoe,dc=example,dc=com'" 4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing. - Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted. [Regression Potential] The fix introduces new variables local in function scope. It also removes the side effects caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream. [Other Info] - When I try to remove certain entries from OpenLDAP, slapd crashes with a segmentation fault, when using the mdb backend. When I looked at the backtrace, it appeared to be this issue: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7174 which is fixed in later versions of Ubuntu (it was fixed in OpenLDAP 2.4.30), but not in precise. It was fixed upstream in this commit: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=92ed65d298e47822b9e3ed7d4f9d8b938bf8b780 The bug occurred on a production server (where the bug first occurred) and in a VM using a dump of that server's directory. I've downloaded the source package, applied Ubuntu-specific patches and the above patch, and the bug does seem to be absent from the compiled result. ProblemType: Crash DistroRelease: Ubuntu 12.04 Package: slapd 2.4.28-1.1ubuntu4.3 ProcVersionSignature: Ubuntu 3.5.0-23.35~precise1-generic 3.5.7.2 Uname: Linux 3.5.0-23-generic x86_64 ApportVersion: 2.0.1-0ubuntu17.4 Architecture: amd64 Date: Sun Aug 25 18:59:12 2013 ExecutablePath: /usr/sbin/slapd InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214) MarkForUpload: True ProcCmdline: /usr/sbin/slapd -h ldap:///\ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.utf8 SegvAnalysis: Segfault happened at: 0x7f208d8ea3b2 <lutil_str2bin+290>: movb $0x0,0x0(%rbp) PC (0x7f208d8ea3b2) ok source "$0x0" ok destination "0x0(%rbp)" (0x7f0c879633d3) in non-writable VMA region: 0x7f0c871b5000-0x7f20871b5000 r--s /var/lib/ldap/data.mdb Stack memory exhausted (SP below stack segment) SegvReason: writing VMA /var/lib/ldap/data.mdb Signal: 11 SourcePackage: openldap StacktraceTop: lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../../../libraries/liblutil/utils.c:812 integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../../../servers/slapd/schema_init.c:2545 integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=0x7f0c70001bb8, keysp=0x7f0c76ffd570, ctx=0x7f0c70000ea0) at ../../../../servers/slapd/schema_init.c:2634 indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=0x7f208f9657b8, vals=0x7f0c70001bb8, id=4103, opid=2, mask=4, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:211 index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f965750, tags=0x7f208f965900, vals=0x7f0c70001bb8, id=4103, opid=2, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:337 Title: slapd crashed with SIGSEGV in lutil_str2bin() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1216650 Title: slapd crashed with SIGSEGV in lutil_str2bin() when using mdb To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1216650/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
