[Bug 1216650] Re: slapd crashed with SIGSEGV in lutil_str2bin() when using mdb

Roel Standaert roel at standaert.info
Sun Sep 1 22:37:16 UTC 2013 

** Changed in: openldap (Ubuntu Precise)
     Assignee: (unassigned) => Roel Standaert (s-roel)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1216650

Title:
  slapd crashed with SIGSEGV in lutil_str2bin() when using mdb

Status in “openldap” package in Ubuntu:
  Fix Released
Status in “openldap” source package in Precise:
  Triaged

Bug description:
  [Impact]
  When OpenLDAP is used with mdb as its backend, this bug is very likely to occur: when a numeric field that is indexed (could be uidNumber, for example) is removed. This impedes the normal operation of slapd, as it becomes impossible to delete these entries and
  any attempt to do so crashes slapd with a segmentation fault.

  [Test Case]
  1. Install OpenLDAP (apt-get install slapd ldap-utils)
  2. Run testbug.sh as root (WARNING: this will wipe /etc/ldap/slapd.d and /var/lib/ldap, do this on a clean install)
  3. Run "ldapdelete -x -D cn=admin,dc=example,dc=com -w test -H ldap:/// 'uid=johndoe,dc=example,dc=com'"
  4. - Expected result: The delete action succeeds, "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com 'uid=johndoe'" should return nothing.
     - Actual result: slapd crashes with SIGSEGV (see /var/log/syslog). The entry is not deleted.

  [Regression Potential]
  The fix introduces new variables local in function scope. It also removes the side effects
  caused by temporarily changing an input variable. Because changing the input variable is not the intended behavior, and this fix only introduces temporary variables in function scope, it can be considered as a safe change. Also, this is the only fix in a long time to utils.c, and didn't cause any problems upstream.

  [Other Info]
  When I try to remove certain entries from OpenLDAP, slapd crashes with a segmentation fault, when using the mdb backend. When I looked at the backtrace, it appeared to be this issue:
  http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7174
  which is fixed in later versions of Ubuntu (it was fixed in OpenLDAP 2.4.30), but not in precise.

  It was fixed upstream in this commit:
  http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=92ed65d298e47822b9e3ed7d4f9d8b938bf8b780

  The bug occurred on a production server (where the bug first occurred)
  and in a VM using a dump of that server's directory.

  I've downloaded the source package, applied Ubuntu-specific patches
  and the above patch, and the bug does seem to be absent from the
  compiled result.

  ProblemType: Crash
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4.3
  ProcVersionSignature: Ubuntu 3.5.0-23.35~precise1-generic 3.5.7.2
  Uname: Linux 3.5.0-23-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.4
  Architecture: amd64
  Date: Sun Aug 25 18:59:12 2013
  ExecutablePath: /usr/sbin/slapd
  InstallationMedia: Ubuntu-Server 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130214)
  MarkForUpload: True
  ProcCmdline: /usr/sbin/slapd -h ldap:///\ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.utf8
  SegvAnalysis:
   Segfault happened at: 0x7f208d8ea3b2 <lutil_str2bin+290>:	movb   $0x0,0x0(%rbp)
   PC (0x7f208d8ea3b2) ok
   source "$0x0" ok
   destination "0x0(%rbp)" (0x7f0c879633d3) in non-writable VMA region: 0x7f0c871b5000-0x7f20871b5000 r--s /var/lib/ldap/data.mdb
   Stack memory exhausted (SP below stack segment)
  SegvReason: writing VMA /var/lib/ldap/data.mdb
  Signal: 11
  SourcePackage: openldap
  StacktraceTop:
   lutil_str2bin (in=<optimized out>, out=0x7f0c76ffd430, ctx=0x7f0c70000ea0) at ../../../../libraries/liblutil/utils.c:812
   integerVal2Key (in=<optimized out>, tmp=<optimized out>, ctx=<optimized out>, key=<optimized out>) at ../../../../servers/slapd/schema_init.c:2545
   integerIndexer (use=<optimized out>, flags=<optimized out>, syntax=<optimized out>, mr=<optimized out>, prefix=<optimized out>, values=0x7f0c70001bb8, keysp=0x7f0c76ffd570, ctx=0x7f0c70000ea0) at ../../../../servers/slapd/schema_init.c:2634
   indexer (op=0x7f0c70000900, txn=<optimized out>, ai=<optimized out>, atname=0x7f208f9657b8, vals=0x7f0c70001bb8, id=4103, opid=2, mask=4, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:211
   index_at_values (op=0x7f0c70000900, txn=0x7f0c70100f80, type=0x7f208f965750, tags=0x7f208f965900, vals=0x7f0c70001bb8, id=4103, opid=2, ad=<optimized out>) at ../../../../../servers/slapd/back-mdb/index.c:337
  Title: slapd crashed with SIGSEGV in lutil_str2bin()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1216650/+subscriptions

More information about the Ubuntu-sponsors mailing list