[Bug 1216650] [NEW] slapd crashed with SIGSEGV in lutil_str2bin() when using mdb

Launchpad Bug Tracker 1216650 at bugs.launchpad.net
Sat Aug 31 07:14:11 UTC 2013 

You have been subscribed to a public bug by Roel Standaert (s-roel):

[Impact]
When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and
any attempt to do so crashes slapd with a segmentation fault.

[Test Case]
1. Install OpenLDAP (apt-get install slapd ldap-utils)
2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install)
3. Run "ldapdelete -x -D cn=admin,dc=example,dc=com -w test -H ldap:/// 'uid=johndoe,dc=example,dc=com'"
4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing.
   - Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted.

[Regression Potential]
The fix introduces new variables local in function scope. It also removes the side effects
caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream.

[Other Info]
When I try to remove certain entries from OpenLDAP, slapd crashes with a segmentation fault, when using the mdb backend. When I looked at the backtrace, it appeared to be this issue:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7174
which is fixed in later versions of Ubuntu (it was fixed in OpenLDAP 2.4.30), but not in precise.

It was fixed upstream in this commit:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=92ed65d298e47822b9e3ed7d4f9d8b938bf8b780

The bug occurred on a production server (where the bug first occurred)
and in a VM using a dump of that server's directory.

I've downloaded the source package, applied Ubuntu-specific patches and
the above patch, and the bug does seem to be absent from the compiled
result.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: slapd 2.4.28-1.1ubuntu4.3
ProcVersionSignature: Ubuntu 3.5.0-23.35~precise1-generic 3.5.7.2
Uname: Linux 3.5.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: amd64
Date: Sun Aug 25 18:59:12 2013
ExecutablePath: /usr/sbin/slapd
InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
MarkForUpload: True
ProcCmdline: /usr/sbin/slapd -h ldap:///\ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.utf8
SegvAnalysis:
 Segfault happened at: 0x7f208d8ea3b2 <lutil_str2bin+290>:	movb   $0x0,0x0(%rbp)
 PC (0x7f208d8ea3b2) ok
 source "$0x0" ok
 destination "0x0(%rbp)" (0x7f0c879633d3) in non-writable VMA region: 0x7f0c871b5000-0x7f20871b5000 r--s /var/lib/ldap/data.mdb
 Stack memory exhausted (SP below stack segment)
SegvReason: writing VMA /var/lib/ldap/data.mdb
Signal: 11
SourcePackage: openldap
StacktraceTop:
 lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../../../libraries/liblutil/utils.c:812
 integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../../../servers/slapd/schema_init.c:2545
 integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=0x7f0c70001bb8, keysp=0x7f0c76ffd570, ctx=0x7f0c70000ea0) at ../../../../servers/slapd/schema_init.c:2634
 indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=0x7f208f9657b8, vals=0x7f0c70001bb8, id=4103, opid=2, mask=4, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:211
 index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f965750, tags=0x7f208f965900, vals=0x7f0c70001bb8, id=4103, opid=2, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:337
Title: slapd crashed with SIGSEGV in lutil_str2bin()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

** Affects: openldap (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: openldap (Ubuntu Precise)
     Importance: Medium
         Status: Triaged


** Tags: amd64 apport-crash patch precise
-- 
slapd crashed with SIGSEGV in lutil_str2bin() when using mdb
https://bugs.launchpad.net/bugs/1216650
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list