#319 ldap-agent crashes on start with signal SIGSEGV
Closed: wontfix None Opened 12 years ago by rmeggins.

https://bugzilla.redhat.com/show_bug.cgi?id=802706 (Fedora)

Description of problem:

ldap-agent crashes on start with signal SIGSEGV, Segmentation fault.

Version-Release number of selected component (if applicable):

389-ds-base-1.2.10.2-1.fc16.x86_64

How reproducible:

Steps to Reproduce:
1. /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf

Actual results:

Program received signal SIGSEGV, Segmentation fault.

Expected results:

Supposed to start.

Additional info:

# cat /etc/dirsrv/config/ldap-agent.conf

agentx-master /var/agentx/master
agent-logdir /var/log/dirsrv
server slapd-CASTLE-AIMK-COM
server slapd-PKI-IPA

# strace /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf
...
open("/etc/dirsrv/config/ldap-agent.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1059, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcf7ad0000
read(3, "# The agentx-master setting defi"..., 4096) = 1059
open("/etc/dirsrv/slapd-CASTLE-AIMK-COM/dse.ldif", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=88044, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcf7acf000
read(4, "dn:\nobjectClass: top\naci: (targe"..., 4096) = 4096
open("/etc/dirsrv/slapd-PKI-IPA/dse.ldif", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0600, st_size=107311, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcf7ace000
read(5, "dn:\nobjectClass: top\naci: (targe"..., 4096) = 4096
--- {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} (Segmentation fault) ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

# gdb --args /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf
GNU gdb (GDB) Fedora (7.3.50.20110722-10.fc16)
...
Reading symbols from /usr/sbin/ldap-agent-bin...Reading symbols from /usr/lib/debug/usr/sbin/ldap-agent-bin.debug...done.
done.
(gdb) run
Starting program: /usr/sbin/ldap-agent-bin /etc/dirsrv/config/ldap-agent.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__strcpy_ssse3 () at ../sysdeps/x86_64/multiarch/strcpy-ssse3.S:2473
2473            movl    %eax, (%rdx)
Missing separate debuginfos, use: debuginfo-install
bzip2-libs-1.0.6-3.fc15.x86_64 elfutils-libelf-0.152-1.fc16.x86_64
keyutils-libs-1.5.2-1.fc16.x86_64 libacl-2.2.51-2.fc16.x86_64
libattr-2.4.46-2.fc16.x86_64 libcap-2.22-1.fc15.x86_64
libselinux-2.1.6-6.fc16.x86_64 lua-5.1.4-9.fc16.x86_64
nss-softokn-freebl-3.13.1-15.fc16.x86_64 nss-util-3.13.1-3.fc16.x86_64
perl-libs-5.14.2-195.fc16.x86_64 popt-1.13-9.fc16.x86_64
xz-libs-5.1.1-1alpha.fc16.x86_64 zlib-1.2.5-6.fc16.x86_64
(gdb) info stack
#0  __strcpy_ssse3 () at ../sysdeps/x86_64/multiarch/strcpy-ssse3.S:2473
#1  0x000000396c63bfff in ldif_read_record (lfp=0x60b890, lno=0x7fffffffd27c, bufp=0x7fffffffd250, buflenp=0x7fffffffd278) at /usr/include/bits/string3.h:105
#2  0x000000000040259f in load_config (conf_path=<optimized out>) at ldap/servers/snmp/main.c:404
#3  0x0000000000401cb6 in main (argc=<optimized out>, argv=<optimized out>) at ldap/servers/snmp/main.c:102

To reproduce you need to have two or more slapd instances defined in the ldap-agent.conf file; the agent will crash at startup.

When using openldap, we were not resetting the buffer length between dse.ldif files. So we end up passing in a huge buffer length for the first line of the new file, which leads to invalid memory being read later on.
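The stale-buffer-length bug described in the comment above, as an added example that is not code from 389-ds-base or OpenLDAP: a small model of the ldif_read_record() caller contract (signature and internals simplified here by assumption) driven by a loop shaped like the agent's per-instance load_config() loop, in its unfixed and fixed forms. The names read_record, load_instances and two_instances, and the sample records, are this example's own.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-in for the ldif_read_record() caller contract (an assumption for
 * this example, not OpenLDAP's or 389-ds-base's code): *bufp/*buflenp name a
 * caller-owned buffer that the reader grows only when *buflenp says it is too
 * small, so a stale *buflenp makes it trust a buffer that no longer exists. */
static int read_record(const char *rec, char **bufp, int *buflenp)
{
    int need = (int)strlen(rec) + 1;
    if (need > *buflenp) {             /* grow only if the caller's length says so */
        char *nb = realloc(*bufp, (size_t)need);
        if (nb == NULL)
            return -1;                 /* allocation failure */
        *bufp = nb;
        *buflenp = need;
    }
    if (*bufp == NULL)
        return -2;                     /* the real strcpy faults here: si_addr=0 */
    strcpy(*bufp, rec);
    return 0;
}
/* Mirrors load_config()'s loop over the instances in ldap-agent.conf, reusing
 * one buffer across dse.ldif files. reset_len selects the one-line fix: the
 * freed buffer's length is forgotten together with the buffer. Returns 0 on
 * success, -2 where the unfixed agent crashes. */
static int load_instances(const char *const *records, size_t n, int reset_len)
{
    char *buf = NULL;
    int buflen = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = read_record(records[i], &buf, &buflen);
        if (rc != 0) {
            free(buf);
            return rc;
        }
        /* ... parse this instance's record ... */
        free(buf);
        buf = NULL;                    /* the pointer is reset ... */
        if (reset_len)
            buflen = 0;                /* ... and with the fix, so is the length */
    }
    return 0;
}
/* Constructed sample: the first record of two instances' dse.ldif files, the
 * second shorter than the first so the stale length still "covers" it. */
static const char *const two_instances[] = {
    "dn:\nobjectClass: top\naci: (target ...)",
    "dn:\nobjectClass: top",
};
```

In this model a single instance never reaches a second call, and a second record larger than the first forces a fresh allocation and hides the defect, which is why the crash depends on having several instances configured.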

Thanks for the review Rich!

[mareynol@localhost snmp]$ git merge ticket319
Updating 77cacd9..58dc93c
Fast-forward
ldap/servers/snmp/main.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

[mareynol@localhost snmp]$ git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 778 bytes, done.
Total 6 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
77cacd9..58dc93c master -> master

originally targeted for 1.2.11.rc1, but actually in the 1.2.11.a1 release

Added initial screened field value.

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.2.11.a1

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/319

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

