https://bugzilla.redhat.com/show_bug.cgi?id=802706 (Fedora)
Description of problem:
ldap-agent crashes on start with signal SIGSEGV, Segmentation fault.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.10.2-1.fc16.x86_64

How reproducible:

Steps to Reproduce:
1. /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf

Actual results:
Program received signal SIGSEGV, Segmentation fault.

Expected results:
Supposed to start.

Additional info:
# cat /etc/dirsrv/config/ldap-agent.conf
agentx-master /var/agentx/master
agent-logdir /var/log/dirsrv
server slapd-CASTLE-AIMK-COM
server slapd-PKI-IPA

# strace /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf
...
open("/etc/dirsrv/config/ldap-agent.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1059, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcf7ad0000
read(3, "# The agentx-master setting defi"..., 4096) = 1059
open("/etc/dirsrv/slapd-CASTLE-AIMK-COM/dse.ldif", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=88044, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcf7acf000
read(4, "dn:\nobjectClass: top\naci: (targe"..., 4096) = 4096
open("/etc/dirsrv/slapd-PKI-IPA/dse.ldif", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0600, st_size=107311, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcf7ace000
read(5, "dn:\nobjectClass: top\naci: (targe"..., 4096) = 4096
--- {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} (Segmentation fault) ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

# gdb --args /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf
GNU gdb (GDB) Fedora (7.3.50.20110722-10.fc16)
...
Reading symbols from /usr/sbin/ldap-agent-bin...Reading symbols from /usr/lib/debug/usr/sbin/ldap-agent-bin.debug...done.
done.
(gdb) run
Starting program: /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__strcpy_ssse3 () at ../sysdeps/x86_64/multiarch/strcpy-ssse3.S:2473
2473            movl    %eax, (%rdx)
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-3.fc15.x86_64 elfutils-libelf-0.152-1.fc16.x86_64 keyutils-libs-1.5.2-1.fc16.x86_64 libacl-2.2.51-2.fc16.x86_64 libattr-2.4.46-2.fc16.x86_64 libcap-2.22-1.fc15.x86_64 libselinux-2.1.6-6.fc16.x86_64 lua-5.1.4-9.fc16.x86_64 nss-softokn-freebl-3.13.1-15.fc16.x86_64 nss-util-3.13.1-3.fc16.x86_64 perl-libs-5.14.2-195.fc16.x86_64 popt-1.13-9.fc16.x86_64 xz-libs-5.1.1-1alpha.fc16.x86_64 zlib-1.2.5-6.fc16.x86_64
(gdb) info stack
#0  __strcpy_ssse3 () at ../sysdeps/x86_64/multiarch/strcpy-ssse3.S:2473
#1  0x000000396c63bfff in ldif_read_record (lfp=0x60b890, lno=0x7fffffffd27c, bufp=0x7fffffffd250, buflenp=0x7fffffffd278) at /usr/include/bits/string3.h:105
#2  0x000000000040259f in load_config (conf_path=<optimized out>) at ldap/servers/snmp/main.c:404
#3  0x0000000000401cb6 in main (argc=<optimized out>, argv=<optimized out>) at ldap/servers/snmp/main.c:102
attachment snmp-dse.ldif
attachment 0001-Ticket-319-ldap-agent-crashes-on-start-with-signal-S.patch
To reproduce you need to have two or more slapd instances defined in the ldap-agent.conf file; the agent will crash at startup.
When using openldap, we were not resetting the buffer length between dse.ldif files. So we end up passing in a huge buffer length for the first line of the new file, which leads to invalid memory being read later on.
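The failure mode described in the comment above, as an added C example that is not part of this ticket and not the project's code. It models the ldif_read_record() calling convention (the caller owns a buffer pointer and a buffer length, and the reader trusts the length as the buffer's capacity) with a constructed in-memory reader; the names read_record and load_files, the RR_* codes and the two sample "files" are all assumptions made for the example. Instead of crashing when the caller frees the buffer but keeps the old length, the reader detects the inconsistent pair and returns an error, and the loop is shown both with and without the per-file reset the fix describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input standing in for two dse.ldif files. One record per
 * line keeps the reader simple; the contents are made up for this example. */
static const char *const SAMPLE_FILES[] = {
    "dn: cn=config\ndn: cn=monitor\n",
    "dn: cn=config\ndn: cn=monitor\ndn: cn=snmp,cn=config\n",
};
#define SAMPLE_FILE_COUNT 2

/* Return codes of read_record() (hypothetical names). */
enum { RR_EOF = 0, RR_RECORD = 1, RR_NOMEM = -1, RR_BAD_STATE = -2 };

/* Grow-as-needed reader modelled on the ldif_read_record() convention: the
 * caller owns *bufp and *buflenp, and *buflenp is trusted as the capacity of
 * *bufp. Returns RR_RECORD when a record was copied into *bufp, RR_EOF at end
 * of input, RR_NOMEM on allocation failure, and RR_BAD_STATE when the caller's
 * buffer/length pair is inconsistent. */
static int read_record(const char **cursor, char **bufp, size_t *buflenp)
{
    const char *rec = *cursor;
    const char *end;
    size_t need;

    /* Detect the reported state instead of crashing on it: a NULL buffer with
     * a non-zero recorded length would skip the grow branch below, and the
     * copy would then write through a NULL pointer (si_addr=0 in the report). */
    if (*bufp == NULL && *buflenp != 0)
        return RR_BAD_STATE;

    if (rec == NULL || *rec == '\0')
        return RR_EOF;

    end = strchr(rec, '\n');
    need = (end ? (size_t)(end - rec) : strlen(rec)) + 1; /* + NUL */

    if (*buflenp < need) {
        char *grown = realloc(*bufp, need);
        if (grown == NULL)
            return RR_NOMEM;
        *bufp = grown;
        *buflenp = need;
    }
    memcpy(*bufp, rec, need - 1);
    (*bufp)[need - 1] = '\0';
    *cursor = end ? end + 1 : rec + (need - 1);
    return RR_RECORD;
}

/* Walk every file with one shared buffer, releasing it between files.
 * reset_len == 0 reproduces the reported bug (length kept after the free);
 * reset_len != 0 is the corrected loop. Returns the number of records read,
 * or a negative read_record() code. */
static int load_files(const char *const *files, int nfiles, int reset_len)
{
    char *buf = NULL;
    size_t buflen = 0;
    int total = 0;

    for (int i = 0; i < nfiles; i++) {
        const char *cursor = files[i];
        int rc;

        while ((rc = read_record(&cursor, &buf, &buflen)) == RR_RECORD)
            total++;
        free(buf);
        buf = NULL;
        if (rc != RR_EOF)
            return rc;
        if (reset_len)
            buflen = 0; /* keep (buf, buflen) consistent for the next file */
    }
    return total;
}

int main(void)
{
    int broken = load_files(SAMPLE_FILES, SAMPLE_FILE_COUNT, 0);
    int fixed = load_files(SAMPLE_FILES, SAMPLE_FILE_COUNT, 1);

    printf("without reset: %d (RR_BAD_STATE is %d)\n", broken, RR_BAD_STATE);
    printf("with reset:    %d records\n", fixed);
    return (fixed == 5 && broken == RR_BAD_STATE) ? 0 : 1;
}
```

The first file succeeds in both variants because the pair starts out as (NULL, 0). Without the reset, the second file is entered with (NULL, 15), which a reader that trusts the length as capacity would treat as "buffer large enough" and copy into; the consistency check turns that into RR_BAD_STATE, and the reset variant reads all five records. Treating the pointer/length pair as a single invariant (NULL implies zero length) is the caller-side rule that the fix restores, and checking it in the callee is a cheap defense in depth.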
Thanks for the review Rich!
[mareynol@localhost snmp]$ git merge ticket319
Updating 77cacd9..58dc93c
Fast-forward
 ldap/servers/snmp/main.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
[mareynol@localhost snmp]$ git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 778 bytes, done.
Total 6 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   77cacd9..58dc93c  master -> master
originally targeted for 1.2.11.rc1, but actually in the 1.2.11.a1 release
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=834057
Added initial screened field value.
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.2.11.a1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/319
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)