(ITS#8001) Segmentation Fault in ldap_sync_*
by alexey@kireyev.name
Full_Name: Alexey Kireyev
Version: 2.4.40
OS: Ubuntu 14.04
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (98.118.88.65)
If not all fields in ldap_sync_t are set manually after ldap_sync_initialize, then
any following calls might (and most probably will) end in a segmentation fault.
Reason: ldap_sync_initialize doesn't zero a newly allocated structure (it does
so for a pre-existing one, though, which is wrong by itself in my view).
--------------------------------------------------------------------------------------------------------
>From 01149a2eba9f463261d88e5a1ce43e19c4a323cf Mon Sep 17 00:00:00 2001
From: Alexey Kireyev <alexey(a)kireyev.name>
Date: Wed, 10 Dec 2014 14:37:16 -0500
Subject: [PATCH] Newly allocated ldap_sync_t has to be zero out
---
libraries/libldap/ldap_sync.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libraries/libldap/ldap_sync.c b/libraries/libldap/ldap_sync.c
index e573c3b..e79153f 100644
--- a/libraries/libldap/ldap_sync.c
+++ b/libraries/libldap/ldap_sync.c
@@ -64,11 +64,10 @@ ldap_sync_initialize( ldap_sync_t *ls_in )D%D
if ( ls == NULL ) {
return NULL;
}
-
- } else {
- memset( ls, 0, sizeof( ldap_sync_t ) );
}
+ memset( ls, 0, sizeof( ldap_sync_t ) );
+
ls->ls_scope = LDAP_SCOPE_SUBTREE;
ls->ls_timeout = -1;
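Review bot: The now-unconditional `memset( ls, 0, sizeof( ldap_sync_t ) );` carries no comment saying that it also wipes a caller-supplied `ls_in`, so the contract that fields must be set only after ldap_sync_initialize() returns stays implicit. A comment above it such as `/* zero the structure in both cases; anything the caller set before this call is discarded */` would state that, and `sizeof( *ls )` would keep the size tied to the variable. With the zero fill, fields the caller leaves unset become NULL/0 instead of leftover heap contents; whether the other ldap_sync_* functions check for NULL handles and callbacks before using them is not visible here and should be confirmed. The body of ldap_sync_initialize starts before this hunk and continues after it.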
--
1.9.1
The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following patch(es) were
developed by Alexey Kireyev alexey(a)kireyev.name. I have not assigned rights
and/or interest in this work to any party.
I, Alexey Kireyev, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
8 years, 5 months
(ITS#8000) Warnings building contrib overlay passwd/sha2
by michael@stroeder.com
Full_Name:
Version: RE24
OS:
URL:
Submission from: (NULL) (79.227.174.182)
HI!
I'm trying to package passwd/sha2 for openSUSE.
The default compiler options in their build system results in these warnings:
[ 193s] + CFLAGS='-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches
-fstack-protector -O2 -Wall -D_FORTIFY_SOURCE=2 -funwind-tables
-fasynchronous-unwind-tables -g -Wno-format-extra-args -fno-strict-aliasing'
[ 193s] + make -j4 sysconfdir=/etc/openldap libdir=/usr/lib
libexecdir=/usr/lib
[ 193s] ../../../../libtool --mode=compile gcc -g -O2 -Wall
-I../../../../include -I../../../../include -I../../../../servers/slapd -c
slapd-sha2.c
[ 193s] ../../../../libtool --mode=compile gcc -g -O2 -Wall
-I../../../../include -I../../../../include -I../../../../servers/slapd -c
sha2.c
[ 193s] mkdir .libs
[ 193s] mkdir .libs
[ 193s] mkdir: cannot create directory '.libs': File exists
[ 193s] gcc -g -O2 -Wall -I../../../../include -I../../../../include
-I../../../../servers/slapd -c sha2.c -fPIC -DPIC -o .libs/sha2.o
[ 193s] gcc -g -O2 -Wall -I../../../../include -I../../../../include
-I../../../../servers/slapd -c slapd-sha2.c -fPIC -DPIC -o .libs/slapd-sha2.o
[ 193s] sha2.c: In function 'SHA256_Final':
[ 193s] sha2.c:608:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
[ 193s] *(sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] =
context->bitcount;
[ 193s] ^
[ 193s] sha2.c: In function 'SHA512_Last':
[ 193s] sha2.c:925:2: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
[ 193s] *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] =
context->bitcount[1];
[ 193s] ^
[ 193s] sha2.c:926:2: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
[ 193s] *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] =
context->bitcount[0];
[ 193s] ^
[ 193s] gcc -g -O2 -Wall -I../../../../include -I../../../../include
-I../../../../servers/slapd -c slapd-sha2.c -o slapd-sha2.o >/dev/null
2>&1
[ 193s] gcc -g -O2 -Wall -I../../../../include -I../../../../include
-I../../../../servers/slapd -c sha2.c -o sha2.o >/dev/null 2>&1
[ 194s] ../../../../libtool --mode=link gcc -g -O2 -Wall -version-info 0:0:0 \
[ 194s] -rpath /usr/lib/openldap -module -o pw-sha2.la slapd-sha2.lo sha2.lo
../../../../libraries/libldap_r/libldap_r.la
../../../../libraries/liblber/liblber.la
[ 194s] cc -shared .libs/slapd-sha2.o .libs/sha2.o -Wl,--rpath
-Wl,/home/abuild/rpmbuild/BUILD/openldap-2.4.40/libraries/libldap_r/.libs
-Wl,--rpath -Wl,/home/abuild/rpmbuild/BUILD/openldap-2.4.40/libraries/liblber/.libs
-L/home/abuild/rpmbuild/BUILD/openldap-2.4.40/libraries/liblber/.libs
../../../../libraries/libldap_r/.libs/libldap_r.so
../../../../libraries/liblber/.libs/liblber.so -Wl,-soname -Wl,pw-sha2.so.0 -o
.libs/pw-sha2.so.0.0.0
[ 194s] (cd .libs && rm -f pw-sha2.so.0 && ln -s
pw-sha2.so.0.0.0 pw-sha2.so.0)
[ 194s] (cd .libs && rm -f pw-sha2.so && ln -s pw-sha2.so.0.0.0
pw-sha2.so)
[ 194s] ar cru .libs/pw-sha2.a slapd-sha2.o sha2.o
[ 194s] ranlib .libs/pw-sha2.a
[ 194s] creating pw-sha2.la
Overall RPM build fails with:
[ 262s] I: Program is likely to break with new gcc. Try -fno-strict-aliasing.
[ 262s] W: openldap2 strict-aliasing-punning sha2.c:608, 925, 926
8 years, 5 months
(ITS#7999) proxycache failed for bdb while testing
by yjd@zjca.com.cn
Full_Name: edong
Version: 2.4.40
OS: CentOS 6.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (60.190.254.10)
BerkeleyDB version: 5.3.28
./configure --enable-crypt --enable-lmpasswd --enable-spasswd --enable-modules
--enable-backends=mod --enable-perl=no --enable-ndb=no --enable-overlays=mod
--enable-dynamic
The "make test" fails as follows:
...
Testing Bind caching
Query 19: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
Query 20: (Bind should be cached)
Refresh failed
>>>>> test020-proxycache failed for bdb
(exit 1)
make[2]: *** [bdb-mod] Error 1
make[2]: Leaving directory `/root/Downloads/openldap-2.4.40/tests'
make[1]: *** [test] Error 2
make[1]: Leaving directory `/root/Downloads/openldap-2.4.40/tests'
make: *** [test] Error 2
8 years, 5 months
Re: (ITS#7968) SIGSEGV shortly after reconnection performed by syncrepl due to synchronization conflicts
by leo@yuriev.ru
This is a multi-part message in MIME format.
--------------090602010509010401080002
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
I saw that master has lost some changes from my original patch
(the one that was attached to the ITS earlier).
Please see the attached diff.
I think there is a race condition around si_cookieState inside the for-loop.
--------------090602010509010401080002
Content-Type: text/x-patch;
name="its#7968-lost.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="its#7968-lost.patch"
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -958,15 +958,17 @@ do_syncrep2(
ldap_pvt_thread_yield();
}
+ ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
for ( i =0; i<si->si_cookieState->cs_pnum; i++ ) {
if ( sid < si->si_cookieState->cs_psids[i] )
break;
if ( si->si_cookieState->cs_psids[i] == sid ) {
if ( ber_bvcmp( syncCookie.ctxcsn, &si->si_cookieState->cs_pvals[i] ) <= 0 ) {
- ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
bdn.bv_val[bdn.bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN pending, ignoring %s (%s)\n",
si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val );
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
ldap_controls_free( rctrls );
rc = 0;
goto done;
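Review bot: In the "CSN pending" branch the two unlock calls now come after `Debug( LDAP_DEBUG_SYNC, ... )`, so the log call runs with both `cs_mutex` and `cs_pmutex` held, although the arguments visible here (`si->si_ridtxt`, `syncCookie.ctxcsn->bv_val`, `bdn.bv_val`) are not cookie-state fields. Releasing both mutexes before `bdn.bv_val[bdn.bv_len] = '\0';` would limit the critical section to the `cs_psids`/`cs_pvals` reads. The added `ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );` appears to be taken while `cs_pmutex` is already held (that acquisition is above the hunk), so a comment such as `/* lock order: cs_pmutex, then cs_mutex */` is worth adding, and any path that takes the two in the opposite order would need checking for deadlock. The matching unlock is in the hunk at @@ -983; the lines between the two hunks are not shown, so confirm that no other exit leaves the loop with `cs_mutex` held.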
@@ -983,6 +985,7 @@ do_syncrep2(
(struct sync_cookie *)&si->si_cookieState->cs_pvals,
i, sid, syncCookie.ctxcsn );
}
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
assert( punlock < 0 );
punlock = i;
} else if (si->si_too_old) {
--------------090602010509010401080002--
8 years, 6 months
Re: (ITS#7995) of-by-one error in schema
by hyc@symas.com
Леонид Юрьев wrote:
> (2)
> But let see to lines 570-575 of mdb-back/attr.c and lines 764-772 of slapd/ad.c:
> - does the mdb-value include a NUL byte =
> https://github.com/leo-yuriev/openldap-lmdb-challenge/blob/2.4-devel/serv...
> - if "YES" then "+1" at slapd/ad.c:764 is wrong =
> https://github.com/leo-yuriev/openldap-lmdb-challenge/blob/2.4-devel/serv...
> - but if "NO" then "strcpy()" at slapd/ad.c:772 (and more) is wrong =
> https://github.com/leo-yuriev/openldap-lmdb-challenge/blob/2.4-devel/serv...
And the answer is no, back-mdb/attr.c mdb_ad_get() doesn't store the
trailing NUL byte,
> diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c
> index 246b900..fd60483 100644
> --- a/servers/slapd/ad.c
> +++ b/servers/slapd/ad.c
> @@ -118,7 +118,7 @@ AttributeDescription * ad_find_tags(
> for (ad = type->sat_ad; ad; ad=ad->ad_next)
> {
> if (ad->ad_tags.bv_len == tags->bv_len &&
> - !strcasecmp(ad->ad_tags.bv_val, tags->bv_val))
> + !strncasecmp( ad->ad_tags.bv_val, tags->bv_val, ad->ad_tags.bv_len ))
> break;
> }
Unnecessary.
> ldap_pvt_thread_mutex_unlock( &type->sat_ad_mutex );
> @@ -742,14 +742,13 @@ int slap_bv2undef_ad(
> /* use the appropriate type */
> if ( flags & SLAP_AD_PROXIED ) {
> at = slap_schema.si_at_proxied;
> -
> } else {
> at = slap_schema.si_at_undefined;
> }
>
> for( desc = at->sat_ad; desc; desc=desc->ad_next ) {
> if( desc->ad_cname.bv_len == bv->bv_len &&
> - !strcasecmp( desc->ad_cname.bv_val, bv->bv_val ) )
> + !strncasecmp( desc->ad_cname.bv_val, bv->bv_val, desc->ad_cname.bv_len) )
Unnecessary. We've already checked that the two lengths are equal; even
if bv->bv_val is non-terminated the compare will stop because
desc->ad_cname is terminated.
> {
> break;
> }
> @@ -769,7 +768,8 @@ int slap_bv2undef_ad(
>
> desc->ad_cname.bv_len = bv->bv_len;
> desc->ad_cname.bv_val = (char *)(desc+1);
> - strcpy(desc->ad_cname.bv_val, bv->bv_val);
> + strncpy( desc->ad_cname.bv_val, bv->bv_val, desc->ad_cname.bv_len )
> + [desc->ad_cname.bv_len] = '\0';
This is a valid fix.
>
> /* canonical to upper case */
> ldap_pvt_str2upper( desc->ad_cname.bv_val );
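Review bot: The `strncpy( ... )[desc->ad_cname.bv_len] = '\0';` form in slap_bv2undef_ad indexes the return value of strncpy across two lines, which is easy to misread as two separate statements; the same construct appears in the @@ -806 hunk. Since the length is already known, `memcpy( desc->ad_cname.bv_val, bv->bv_val, bv->bv_len );` followed by `desc->ad_cname.bv_val[bv->bv_len] = '\0';` states the bounded copy and the terminator directly. The two differ only if the name contains an embedded NUL, where strncpy zero-pads the remainder, which is presumably not expected for an attribute description. The write at index bv_len is in bounds only if the allocation reserves bv_len + 1 bytes after the descriptor; that allocation is outside this hunk and should be confirmed.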
> @@ -806,9 +806,10 @@ slap_bv2tmp_ad(
> slap_sl_mfuncs.bmf_malloc( sizeof(AttributeDescription) +
> bv->bv_len + 1, memctx );
>
> - ad->ad_cname.bv_val = (char *)(ad+1);
> - strncpy( ad->ad_cname.bv_val, bv->bv_val, bv->bv_len+1 );
> ad->ad_cname.bv_len = bv->bv_len;
> + ad->ad_cname.bv_val = (char *)(ad+1);
> + strncpy( ad->ad_cname.bv_val, bv->bv_val, ad->ad_cname.bv_len)
> + [ad->ad_cname.bv_len] = '\0';
> ad->ad_flags = SLAP_DESC_TEMPORARY;
> ad->ad_type = slap_schema.si_at_undefined;
>
Unnecessary.
> @@ -887,7 +888,7 @@ an_find(
>
> for ( ; a->an_name.bv_val; a++ ) {
> if ( a->an_name.bv_len != s->bv_len) continue;
> - if ( strcasecmp( s->bv_val, a->an_name.bv_val ) == 0 ) {
> + if ( strncasecmp( s->bv_val, a->an_name.bv_val, s->bv_len ) == 0 ) {
> return( 1 );
> }
> }
Unnecessary.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 6 months