November 2007 - openldap-bugs

Re: (ITS#5235) ppolicy leads to segfault

by ando＠sys-net.it

Dieter Kluenter wrote: > | #0 0xb7ac6139 in free () from /lib/libc.so.6 > | #1 0xb7f2028a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 > | #2 0x0809b1f2 in ch_free (ptr=0x2009) at ch_malloc.c:139 > | #3 0xb775358c in ppolicy_restrict (op=0xa2253d54, rs=0xa2254148) > | at ppolicy.c:1245 > | #4 0x080f0c5a in overlay_op_walk (op=0xa2253d54, rs=0xa2254148, > | which=op_search, oi=0x829d5d8, on=0x82a1190) at backover.c:642 > | #5 0x080f0e91 in over_op_func (op=0xa2253d54, rs=0xa2254148, which=op_search) > | at backover.c:704 > | #6 0x080f0f15 in over_op_search (op=0xa2253d54, rs=0xa2254148) > | at backover.c:726 > | #7 0xb773f893 in dds_expire (ctx=0xa2254238, di=0x82a4898) at dds.c:181 > | #8 0xb773fe4f in dds_expire_fn (ctx=0xa2254238, arg=0x829cc48) at dds.c:260 > | #9 0xb7f334d2 in ldap_int_thread_pool_wrapper (xpool=0x82507b0) at tpool.c:625 > | #10 0xb7d4f192 in start_thread () from /lib/libpthread.so.0 > | #11 0xb7b2102e in clone () from /lib/libc.so.6 > `---- > > ,----[ frame ] > | (gdb) frame 3 > | #3 0xb775358c in ppolicy_restrict (op=0xa2253d54, rs=0xa2254148) > | at ppolicy.c:1245 > | 1245 ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val ); I assume op->o_conn->c_conn == -1 here, since this is an internal operation. As such, it shouldn't affect slapo-ppolicy(5). p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

16 years

1
0
0 / 0

Re: (ITS#5237) Possible documentation error in admin guide

by hyc＠symas.com

kara(a)karamcnair.com wrote: > Full_Name: Kara McNair > Version: 2.3.27 > OS: OS 10.5 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (24.80.228.143) > > > Hi there, > > I'm reading through your admin guide & on page: > http://www.openldap.org/doc/admin24/slapdconfig.html > the last line of section 6.3.2 looks to me like it might have an error in it? > > The text says: > "Some factors may not be appropriate in all environments (or any). For example, > the domain factor relies on IP to domain name lookups. As these can easily > spoofed, the domain factor should _*not*_ be avoided." > > The way it's phrased, I would have expected the final sentence to read: > "As these can easily spoofed, the domain factor should be avoided." > > (the 'not' appears to be at odds with the 'avoided') > > (also, I think there's a 'be' missing between 'easily' and 'spoofed'). > > Thanks very much for your excellent software and very thorough and helpful > documentation! Thanks for the bug report, this is now fixed in CVS. Note that you reported version 2.3.27 on your bug report; it's not a good idea to use docs that don't match the version of software you're using. I suggest you upgrade to 2.3.39 at least and use the docs bundled in that release, or switch to 2.4.6. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

16 years

1
0
0 / 0

Re: (ITS#5235) ppolicy leads to segfault

by hyc＠symas.com

ando(a)sys-net.it wrote: > dieter(a)dkluenter.de wrote: > >> (gdb) bt >> #0 0xb7a67139 in free () from /lib/libc.so.6 >> #1 0xb7ec128a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 >> #2 0x0808f556 in ch_free () >> #3 0xb76f458c in ppolicy_restrict (op=0xa0a50d54, rs=0xa0a51148) >> at ppolicy.c:1245 > > I suspect this free occurs an internal operation initiated with > connection_fake_init(); can you check, from the core, if the value of > op->o_conn->c_conn_idx is -1? If that's the real problem, the better fix would be just to make ppolicy ignore fake connections. Certainly internal operations can never be restricted. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

16 years

1
0
0 / 0

(ITS#5237) Possible documentation error in admin guide

by kara＠karamcnair.com

Full_Name: Kara McNair Version: 2.3.27 OS: OS 10.5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (24.80.228.143) Hi there, I'm reading through your admin guide & on page: http://www.openldap.org/doc/admin24/slapdconfig.html the last line of section 6.3.2 looks to me like it might have an error in it? The text says: "Some factors may not be appropriate in all environments (or any). For example, the domain factor relies on IP to domain name lookups. As these can easily spoofed, the domain factor should _*not*_ be avoided." The way it's phrased, I would have expected the final sentence to read: "As these can easily spoofed, the domain factor should be avoided." (the 'not' appears to be at odds with the 'avoided') (also, I think there's a 'be' missing between 'easily' and 'spoofed'). Thanks very much for your excellent software and very thorough and helpful documentation! Kara

16 years

1
0
0 / 0

Re: (ITS#5235) ppolicy leads to segfault

by dieter＠dkluenter.de

Pierangelo Masarati <ando(a)sys-net.it> writes: > dieter(a)dkluenter.de wrote: > >> (gdb) bt >> #0 0xb7a67139 in free () from /lib/libc.so.6 >> #1 0xb7ec128a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 >> #2 0x0808f556 in ch_free () >> #3 0xb76f458c in ppolicy_restrict (op=0xa0a50d54, rs=0xa0a51148) >> at ppolicy.c:1245 > > I suspect this free occurs an internal operation initiated with > connection_fake_init(); can you check, from the core, if the value of > op->o_conn->c_conn_idx is -1? OK, now again frome the beginning: ,----[ backtrace ] | (gdb) bt | #0 0xb7ac6139 in free () from /lib/libc.so.6 | #1 0xb7f2028a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 | #2 0x0809b1f2 in ch_free (ptr=0x2009) at ch_malloc.c:139 | #3 0xb775358c in ppolicy_restrict (op=0xa2253d54, rs=0xa2254148) | at ppolicy.c:1245 | #4 0x080f0c5a in overlay_op_walk (op=0xa2253d54, rs=0xa2254148, | which=op_search, oi=0x829d5d8, on=0x82a1190) at backover.c:642 | #5 0x080f0e91 in over_op_func (op=0xa2253d54, rs=0xa2254148, which=op_search) | at backover.c:704 | #6 0x080f0f15 in over_op_search (op=0xa2253d54, rs=0xa2254148) | at backover.c:726 | #7 0xb773f893 in dds_expire (ctx=0xa2254238, di=0x82a4898) at dds.c:181 | #8 0xb773fe4f in dds_expire_fn (ctx=0xa2254238, arg=0x829cc48) at dds.c:260 | #9 0xb7f334d2 in ldap_int_thread_pool_wrapper (xpool=0x82507b0) at tpool.c:625 | #10 0xb7d4f192 in start_thread () from /lib/libpthread.so.0 | #11 0xb7b2102e in clone () from /lib/libc.so.6 `---- ,----[ frame ] | (gdb) frame 3 | #3 0xb775358c in ppolicy_restrict (op=0xa2253d54, rs=0xa2254148) | at ppolicy.c:1245 | 1245 ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val ); | (gdb) `---- This shows three memory regions ,----[ memory values ] | (gdb) x/c 0xb775358c | 0xb775358c <ppolicy_restrict+108>: -117 '\213' | (gdb) | | (gdb) x/c 0xa2253d54 | 0xa2253d54: 40 '(' | (gdb) | | (gdb) x/c 0xa2254148 | 0xa2254148: 0 '\0' | (gdb) `---- I hope this is more informative. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

16 years

1
0
0 / 0

Re: (ITS#5235) ppolicy leads to segfault

by dieter＠dkluenter.de

Pierangelo Masarati <ando(a)sys-net.it> writes: > dieter(a)dkluenter.de wrote: > >> (gdb) bt >> #0 0xb7a67139 in free () from /lib/libc.so.6 >> #1 0xb7ec128a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 >> #2 0x0808f556 in ch_free () >> #3 0xb76f458c in ppolicy_restrict (op=0xa0a50d54, rs=0xa0a51148) >> at ppolicy.c:1245 > > I suspect this free occurs an internal operation initiated with > connection_fake_init(); can you check, from the core, if the value of > op->o_conn->c_conn_idx is -1? Sorry, I'm a bit stupid. (gdb) frame 3 #3 0xb76e758c in ppolicy_restrict (op=0xa09e4d54, rs=0xa09e5148) at ppolicy.c:1245 1245 ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val ); (gdb) -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

16 years

1
0
0 / 0

Re: (ITS#5235) ppolicy leads to segfault

by dieter＠dkluenter.de

Pierangelo Masarati <ando(a)sys-net.it> writes: > dieter(a)dkluenter.de wrote: > >> (gdb) bt >> #0 0xb7a67139 in free () from /lib/libc.so.6 >> #1 0xb7ec128a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 >> #2 0x0808f556 in ch_free () >> #3 0xb76f458c in ppolicy_restrict (op=0xa0a50d54, rs=0xa0a51148) >> at ppolicy.c:1245 > > I suspect this free occurs an internal operation initiated with > connection_fake_init(); can you check, from the core, if the value of > op->o_conn->c_conn_idx is -1? sorry :-( (gdb) gcore *** buffer overflow detected ***: gdb terminated ======= Backtrace: ========= -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

16 years

1
0
0 / 0

Re: (ITS#5235) ppolicy leads to segfault

by ando＠sys-net.it

dieter(a)dkluenter.de wrote: > (gdb) bt > #0 0xb7a67139 in free () from /lib/libc.so.6 > #1 0xb7ec128a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 > #2 0x0808f556 in ch_free () > #3 0xb76f458c in ppolicy_restrict (op=0xa0a50d54, rs=0xa0a51148) > at ppolicy.c:1245 I suspect this free occurs an internal operation initiated with connection_fake_init(); can you check, from the core, if the value of op->o_conn->c_conn_idx is -1? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

16 years

1
0
0 / 0

Re: Documentation should indicate that slurpd is deprecated (ITS#5196)

by ghenry＠OpenLDAP.org

marg(a)rz.tu-clausthal.de wrote: > Hello, > > fig. 3.3 in > > http://www.openldap.org/doc/admin24/config.html > > mentions "slurpd", while the text was updated to reflect syncrepl. > > bye > Christian Thanks, I haven't had time to update the pics yet. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

16 years

1
0
0 / 0

Re: (ITS#5236) core.ldif differs from core.schema

by ando＠sys-net.it

hyc(a)symas.com wrote: > dieter(a)dkluenter.de wrote: > Seems someone updated core.schema for RFC4519 but didn't update core.ldif. Was me, sorry. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

16 years

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2007