#49890 ldapsearch with server side sort crashes the ldap server
Closed: fixed a year ago Opened a year ago by mreynolds.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1607078

Description of problem:
Any authenticated user doing a search using ldapsearch with extended controls
for
server side sorting is bringing down the ldap server itself.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.7.5-18.el7.x86_64.rpm

How reproducible:
- Always reproduciable


Steps to Reproduce:
- Just install the rpm with some sample data
- Run the below ldapsearch
ldapsearch -D"cn=Directory Manager" -W -E sss=uid:2.5.13.3

Actual results:
# ldapsearch -D"cn=Directory Manager" -W -E sss=uid:2.5.13.3 > /dev/null
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
#

- System logs show the server is no longer responding
Jul 21 14:33:37 ipa-lab-vm-01 ns-slapd: [21/Jul/2018:14:33:37.566302429 +0000]
- WARN - default_mr_indexer_create - Plugin [caseExactIA5Match] does not handle
2.5.13.3
Jul 21 14:33:37 ipa-lab-vm-01 ns-slapd: [21/Jul/2018:14:33:37.571733926 +0000]
- WARN - default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not
handle 2.5.13.3
Jul 21 14:33:38 ipa-lab-vm-01 kernel: ns-slapd[31886]: segfault at 0 ip
00007f301a986d5d sp 00007f2fd38057b0 error 4 in
libback-ldbm.so[7f301a90d000+a0000]
Jul 21 14:33:38 ipa-lab-vm-01 systemd: dirsrv@XXXXXXXXXXXXX-NET.service: main
process exited, code=killed, status=11/SEGV
Jul 21 14:33:38 ipa-lab-vm-01 systemd: Unit dirsrv@XXXXXXXXXXX-NET.service
entered failed state.
Jul 21 14:33:38 ipa-lab-vm-01 systemd: dirsrv@XXXXXXXXX-NET.service failed.


Expected results:
- If the ldapserver can not provide extended controls, it should through error,
but should not crash
- This issue is allowing any authenticated user to bring down the server, by
just running a query


Additional info:

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1607078

a year ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds

a year ago

https://pagure.io/389-ds-base/pull-request/49898

This fix just stops the crash, but server side sorting is not working at all. Need to file a new ticket to address that.

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: fixed
- Issue set to the milestone: 1.3.7.0 (was: 0.0 NEEDS_TRIAGE)
- Issue status updated to: Closed (was: Open)

a year ago

commit c989e18 (master)

1642dbc..680336a 389-ds-base-1.3.8 -> 389-ds-base-1.3.8

b8d9157..063455b 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

Login to comment on this ticket.

Metadata