openldap-bugs May 2007

openldap-bugs@openldap.org

42 participants
156 discussions

Re: (ITS#4975) --without-tls is broken
by hyc＠symas.com 21 May '07

21 May '07

hyc(a)symas.com wrote: > ando(a)sys-net.it wrote: >>> I haven't kept track of the TLS changes though, so I don't know if just >>> moving #ifdefs around is the right fix. >> As far as I understood it, the rationale of those changes was to be able >> to handle, and significantly parse certificates, independently of any TLS >> capability (including when no TLS is available). If you find a >> combination of #ifdef's that gives this, then it should be the right one. > > Your understanding is correct. I can sort this out if you haven't already. > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
by ando＠sys-net.it 21 May '07

21 May '07

ali.pouya(a)free.fr wrote: > Hi Pierangelo; > I tested with HEAD (checked out on Sunday Mai 20) but the problem is > the same : To configure the Monitor database I have to grant read acces > to *. Can you post your slapd.conf? Thanks, p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
by ali.pouya＠free.fr 21 May '07

21 May '07

Hi Pierangelo; I tested with HEAD (checked out on Sunday Mai 20) but the problem is the same : To configure the Monitor database I have to grant read acces to *. I confirm that I do not have a default rootdn for Monitor. Best Regards Ali

1 0

Re: (ITS#4976) memory corruption in test008-concurrency
by hyc＠symas.com 20 May '07

20 May '07

h.b.furuseth(a)usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD, RE23 > OS: Linux > URL: > Submission from: (NULL) (129.240.202.105) > Submitted by: hallvard > > > Slapd sometimes crashes with memory corruption in test008-concurrency. Try using ElectricFence, with my pthread patches. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#4976) memory corruption in test008-concurrency
by h.b.furuseth＠usit.uio.no 20 May '07

20 May '07

Full_Name: Hallvard B Furuseth Version: HEAD, RE23 OS: Linux URL: Submission from: (NULL) (129.240.202.105) Submitted by: hallvard Slapd sometimes crashes with memory corruption in test008-concurrency. ./configure LIBS="-lmcheck" (a glibc memory checking library) provokes the bug regularly: it dumps core after reporting "memory clobbered before allocated block" somewhere in the test output. It still happens with no avoidable non-OpenLDAP packages (testing with back-null or back-ldif): bash$ ./configure --disable-backends --enable-null --disable-overlays \ --without-cyrus-sasl --without-tls --quiet LIBS="-lmcheck" "configure --without-threads" seems to prevent the crash, so I presume it's thread-related. So far, Valgrind has prevented it too:-( If someone has Purify, maybe that can find it. Patch needed to test with back-null: --- tests/data/slapd.conf~ 2007-01-06 20:35:00 +0100 +++ tests/data/slapd.conf 2007-05-19 19:45:23 +0200 @@ -40,3 +40,6 @@ suffix "dc=example,dc=com" -directory @TESTDIR@/db.1.a +#bdb#directory @TESTDIR@/db.1.a +#hdb#directory @TESTDIR@/db.1.a +#ldif#directory @TESTDIR@/db.1.a +#null#bind on rootdn "cn=Manager,dc=example,dc=com" --- tests/scripts/acfilter.sh~ 2007-01-06 20:35:00 +0100 +++ tests/scripts/acfilter.sh 2007-05-19 20:01:19 +0200 @@ -15,4 +15,5 @@ # -# Strip comments +# Strip comments, or remove everything with back-null # -grep -v '^#' + +test "$BACKEND" = "null" || grep -v '^#' Test loop: cd tests try() { ulimit -c unlimited echo ./run -b $1 test008 nice ./run -b $1 test008 && test "`echo core*`" = "core*" } (declare -i n=0; while try null && try ldif; do n=$n+1; echo "#$n done"; done) I don't see anything from the backtraces, they report when the problem is noticed instead of when it is created. E.g.: #0 0x0039e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x003df7a5 in raise () from /lib/tls/libc.so.6 #2 0x003e1209 in abort () from /lib/tls/libc.so.6 #3 0x00413a1a in __libc_message () from /lib/tls/libc.so.6 #4 0x00413a54 in __libc_fatal () from /lib/tls/libc.so.6 #5 0x0041fddf in mabort () from /lib/tls/libc.so.6 #6 0x0041f655 in freehook () from /lib/tls/libc.so.6 #7 0x0041a5e5 in free () from /lib/tls/libc.so.6 #8 0x080fea27 in ber_bvarray_free (a=0x0) at memory.c:744 #9 0x0806a34e in attr_clean (a=0x4dfff4) at attr.c:134 #10 0x0806a454 in attrs_free (a=0x8e56204) at attr.c:194 #11 0x0806b0c9 in entry_clean (e=0x8e4bdd4) at entry.c:473 #12 0x0806b142 in entry_free (e=0x8e4bdd4) at entry.c:483 #13 0x0806e898 in be_entry_release_rw (op=0x8e84c78, e=0x8e4bdd4, rw=6) at backend.c:797 #14 0x08069221 in do_add (op=0x8e84c78, rs=0xb59fe154) at add.c:197 #15 0x080626e7 in connection_operation (ctx=0xb59fe228, arg_v=0x8e84c78) at connection.c:1145 #16 0x08062d44 in connection_read_thread (ctx=0xb59fe228, argv=0xa) at connection.c:1271 #17 0x080dc75a in ldap_int_thread_pool_wrapper (xpool=0x8e04fe8) at tpool.c:725 #18 0x006193cc in start_thread () from /lib/tls/libpthread.so.0 #19 0x00480c3e in clone () from /lib/tls/libc.so.6

1 0

Re: (ITS#4975) --without-tls is broken
by h.b.furuseth＠usit.uio.no 20 May '07

20 May '07

Fixed in HEAD. -- Regards, Hallvard

1 0

Re: (ITS#4975) --without-tls is broken
by hyc＠symas.com 20 May '07

20 May '07

ando(a)sys-net.it wrote: >> I haven't kept track of the TLS changes though, so I don't know if just >> moving #ifdefs around is the right fix. > > As far as I understood it, the rationale of those changes was to be able > to handle, and significantly parse certificates, independently of any TLS > capability (including when no TLS is available). If you find a > combination of #ifdef's that gives this, then it should be the right one. Your understanding is correct. I can sort this out if you haven't already. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4975) --without-tls is broken
by ando＠sys-net.it 20 May '07

20 May '07

> I haven't kept track of the TLS changes though, so I don't know if just > moving #ifdefs around is the right fix. As far as I understood it, the rationale of those changes was to be able to handle, and significantly parse certificates, independently of any TLS capability (including when no TLS is available). If you find a combination of #ifdef's that gives this, then it should be the right one. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#4975) --without-tls is broken
by h.b.furuseth＠usit.uio.no 20 May '07

20 May '07

Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (129.240.202.105) Submitted by: hallvard slapd/schema_init.c:certificateExactNormalize() (outside HAVE_TLS) needs slapd/dn.c:dnX509normalize() (inside HAVE_TLS). The latter uses libldap/tls.c:ldap_X509dn2bv() (outside HAVE_TLS), which needs oid_name oids[] (inside HAVE_TLS). If those are all moved outside HAVE_TLS, test021-certificate still fails: Running ./scripts/test021-certificate... running defines.sh Running slapadd to build slapd database... Starting slapd on TCP/IP port 9011... Testing certificate handling... Add certificates... ldapmodify failed (18)! ...because certificateExactNormalize() isn't used (the certificateExactMatch syntax #ifdef HAVE_TLS'es it out). It passes if that #ifdef is removed too. I haven't kept track of the TLS changes though, so I don't know if just moving #ifdefs around is the right fix.

1 0

(ITS#4974) tls calls ldap_pvt_thread_self with wrong prototype
by h.b.furuseth＠usit.uio.no 20 May '07

20 May '07

Full_Name: Hallvard B Furuseth Version: HEAD, RE23 OS: URL: Submission from: (NULL) (129.240.202.105) Submitted by: hallvard libldap/tls.c calls CRYPTO_set_id_callback(ldap_pvt_thread_self), which causes ldap_pvt_thread_self to be called with the wrong prototype. That can cause OpenSSL to use a garbage value, e.g. if the unsigned long it expects takes two words but ldap_pvt_thread_t is an int. I'm fixing it in HEAD now and also inserting a check for whether ldap_pvt_thread_t fits in an unsigned long. Maybe the latter should go in configure, but since OpenSSL presumably breaks anyway if that fails I don't see much point at this time.

1 0

← Newer
1
...
4
5
6
7
8
9
10
...
16
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs May 2007