openldap-bugs August 2023

openldap-bugs@openldap.org

1 participants
112 discussions

[Issue 9936] New: slapd attempting free on address which was not malloced
by openldap-its＠openldap.org 20 Oct '23

20 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=9936 Issue ID: 9936 Summary: slapd attempting free on address which was not malloced Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: kimjuhi96(a)snu.ac.kr Target Milestone: --- I get invalid free running this on the latest openldap from git, built with CFLAGS="-fsanitize=address" using clang 15. Seems this is similar to https://bugs.openldap.org/show_bug.cgi?id=9912. ./servers/slapd/slapd -T c -s1 -s1 Stopped reason: SIGABRT __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. gdb-peda$ bt #0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff78ca859 in __GI_abort () at abort.c:79 #2 0x00005555556eb04f in __sanitizer::Abort () at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp:143 #3 0x00005555556e8aac in __sanitizer::Die () at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:58 #4 0x00005555556c5dda in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7fffffffbe7e, __in_chrg=<optimized out>) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/asan_report.cpp:192 #5 0x00005555556c72b8 in __asan::ReportFreeNotMalloced (addr=<optimized out>, free_stack=0x7fffffffca90) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/asan_report.cpp:199 #6 0x00005555556c02ab in __interceptor_free (ptr=0x7fffffffe359) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:53 #7 0x0000555555d3efe2 in ber_memfree_x () #8 0x0000555555847d33 in ch_free () #9 0x0000555555a31178 in slap_tool_init () #10 0x0000555555a2e54d in slapcat () #11 0x000055555570901f in main () #12 0x00007ffff78cc083 in __libc_start_main (main=0x555555706ef0 <main>, argc=0x5, argv=0x7fffffffdfc8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdfb8) at ../csu/libc-start.c:308 #13 0x000055555561011e in _start () at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h:397 gdb-peda$ -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9888] New: When using cn=config replication, schema updates can corrupt the index database(s)
by openldap-its＠openldap.org 19 Oct '23

19 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=9888 Issue ID: 9888 Summary: When using cn=config replication, schema updates can corrupt the index database(s) Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Today I pushed a schema update out to the config node that holds schema that is replicated to the providers and consumers. Post schema update, 2/11 servers crashed in the mdb online indexing function. I fixed this by slapcat the db and slapadd the db. This is important because it was later revealed that on the 9/11 servers that did not crash or have their database reloaded, ldapsearch would return the wrong attribute names for some attribute:value pairs in the database, which caused mayhem in downstream systems and caused replication issues between the nodes. The 2 nodes that were reloaded immediately after the schema change had the only "good" copies of the database left. To give an example, say an entry was something like: dn: uid=joe,ou=people,dc=example,dc=com uid: joe sn: smith cn: joe smith givenName: joe After the change, the broken servers could return something like: dn: uid=joe,ou=people,dc=example,dc=com uid: joe posixGroup: smith cn: joe smith givenName joe It's not clear how deeply this bug ran in the database. It for sure affected 2 attributes used by the person objectClass. Both of the "replacement" attributes were not valid attributes for the person objectClasses in use. Maybe related to the changes in ITS#9858? -- You are receiving this mail because: You are on the CC list for the issue.

1 19

[Issue 9863] New: lastbind configuration fails to honor chaining configuration
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=9863 Issue ID: 9863 Summary: lastbind configuration fails to honor chaining configuration Product: OpenLDAP Version: 2.6.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- In an environment where consumers are configured to chain writes up to the providers, lastbind configuration fails to honor this which is generally what one would expect. This causes mismatches between the providers and consumers in regards to the database state. Additionally it introduces random serverIDs into the database. In my case, the providers have serverIDs 10, 20, 30 configured but the consumer is generating serverID 1 for the entryCSN. Expectation: consumer does not generate *any* entryCSN value and instead forwards the write op to the provider. Log from consumer: slap_get_csn: conn=1069 op=0 generated new csn=20220610180137.644625Z#000000#001#000000 manage=1 -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 9735] New: [PATCH] try hard to find free space if database cannot grow
by openldap-its＠openldap.org 01 Oct '23

01 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=9735 Issue ID: 9735 Summary: [PATCH] try hard to find free space if database cannot grow Product: LMDB Version: 0.9.24 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: libor.peltan(a)nic.cz Target Milestone: --- Created attachment 851 --> https://bugs.openldap.org/attachment.cgi?id=851&action=edit Patch fixing the issue "try hard to find free space if database cannot grow" Note: - the issue is the same in version 0.9.70 (git) Situation: - the database had already grown to its limit (mapsize) in the past - overflow pages are used heavily as stored values are usually several pages long - free space got fragmented Problem: - attempt to insert new value results in MDB_MAP_FULL despite there is free space available Cause: there is a heursitic in mdb_page_alloc() that gives up searching for free space chunk if this would take too much time. This is useful when the database can still grow, as it balances performance with space usage. However, if the database can no longer grow, it prevents inserting new values. Solution: detect early on in mdb_page_alloc() if the database can grow, and if not, let it try hard to search for free space. Patch: attached -- You are receiving this mail because: You are on the CC list for the issue.

1 13

[Issue 10064] New: Add modrdn support for Cft_Misc entries
by openldap-its＠openldap.org 26 Sep '23

26 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=10064 Issue ID: 10064 Summary: Add modrdn support for Cft_Misc entries Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Currently in cn=config, there is some special handling to maintain overlays/dbs entries to allow list-like management. All module defined entries are marked Cft_Misc and this behaviour is not available there. It boils down to allowing the module to screen rename/renumber requests and having bconfig defer to that callback if it's defined. Use-case: policy selection rules in ITS#9343 would benefit from being managed this way rather than having to reparse a long line every time a rule is adjusted. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9471] New: Add RBAC overlay to core
by openldap-its＠openldap.org 26 Sep '23

26 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=9471 Issue ID: 9471 Summary: Add RBAC overlay to core Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Symas will contribute its RBAC overlay to core The slapo-rbac overlay is an implementation of the ANSI INCITS 359 Role-Based Access Control (RBAC) Core. When instantiated, it intercepts, decodes and enforces specific RBAC policies per the Apache Fortress RBAC data formats. The overlay provides a set of extended operations. They include session create/delete, checkAccess, addActiveRole, dropActiveRole and sessionRoles. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9472] New: Add datamorph overlay to core
by openldap-its＠openldap.org 26 Sep '23

26 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=9472 Issue ID: 9472 Summary: Add datamorph overlay to core Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Symas will contribute its datamorph overlay to core The datamorph overlay to slapd allows attributes with a few predefined values to be saved more space-efficiently as well as signed or unsigned integer attributes. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9473] New: Add variant overlay to core
by openldap-its＠openldap.org 26 Sep '23

26 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=9473 Issue ID: 9473 Summary: Add variant overlay to core Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Symas will contribute its variant overlay to OpenLDAP core The variant overlay to slapd allows attributes/values to be shared between several entries. In some ways this is similar to slapo-collect with the exception that the source and target attributes can be different. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 10087] New: slapd crashes with core dump Assertion `!LDAP_BACK_CONN_TAINTED( lc )
by openldap-its＠openldap.org 18 Sep '23

18 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=10087 Issue ID: 10087 Summary: slapd crashes with core dump Assertion `!LDAP_BACK_CONN_TAINTED( lc ) Product: OpenLDAP Version: 2.5.15 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: rajko(a)albrecht.jetzt Target Milestone: --- The slapd daemon crashes every ten minutes with slapd: ../../../../../servers/slapd/back-ldap/bind.c:181: ldap_back_conn_delete: Assertion `!LDAP_BACK_CONN_TAINTED( lc )' failed. Aborted (core dumped) I searched around for multiple days but didn't find any solution to this problem. I have the same problem with 2.6.x versions. It is configured to act as caching ldap, while multiple hundred systems contact it. The error message is completely useless for sysadmins because they don't understand what this means for them (as said, asking search engines gives no answers) nor I don't know if - and if so how - I can fix this with configuration. I don't see if this message is talking about the connection to the upstream ldap server or if this is the connection from a client to the caching (and crashing) daemon. First setup was plain on a linux machine, now runnig inside docker environment so the service is restarted after the crash. This is of course not a nice solution. And it looks like the same like #4390 which is marked as "not solved". At least a description what this error messages means would be very helpful incl. how a workaround could look like (increasing timeouts, increase/decrease a socket pool or whatever). Currently the slapd is nearly useless when using it as a caching ldap with high load. Any hints? -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 10096] New: SIGSEGV in try_read1msg() while using referrals with AD
by openldap-its＠openldap.org 18 Sep '23

18 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=10096 Issue ID: 10096 Summary: SIGSEGV in try_read1msg() while using referrals with AD Product: OpenLDAP Version: 2.6.2 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: simon.pichugin(a)gmail.com Target Milestone: --- The double free happens during a referral chasing with AD. SSSD usage Background (But I think the issue can happen even without SSSD): Referral chasing with AD and Kerberos based GSSAPI/GSS-SPNEGO authentication will never work based in the fact that AD will return domain names instead of the names of AD DC in the referral. That with with 'id_provider = ad' (SSSD setting) there is 'ldap_referrals = false' as default. For 'id_provider = ldap' we expect a generic LDAP server (not AD) which returns proper referrals with fully-qualified hostname or where is simple bind is used, either anonymous or with bind DN and password (which is expected to be the same on all involved LDAP servers and which is not the case with AD since the AD DC from a different domain won't know the given bind DN). So the issue is an unusual one, but still, as it's a crash, I think it deserves a look at. The stack trace for the issue: #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f34182a15b3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 #2 0x00007f3418254d46 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f34182287f3 in __GI_abort () at abort.c:79 #4 0x00007f3418229130 in __libc_message (fmt=<optimized out>, fmt@entry=0x7f34183bb6bd "%s\n") at ../sysdeps/posix/libc_fatal.c:150 #5 0x00007f34182ab617 in malloc_printerr (str=str@entry=0x7f34183be2d0 "double free or corruption (!prev)") at malloc.c:5515 #6 0x00007f34182ad30c in _int_free (av=0x7f34183fac80 <main_arena>, p=0x560fc4b23130, have_lock=<optimized out>) at malloc.c:4458 #7 0x00007f34182af955 in __GI___libc_free (mem=<optimized out>) at malloc.c:3258 #8 0x00007f34173b6f52 in try_read1msg (result=0x7ffea107bb88, lc=0x560fc4ac20e0, all=0, msgid=-1, ld=0x560fc4a77450) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:919 #9 wait4msg (result=0x7ffea107bb88, timeout=<optimized out>, all=0, msgid=-1, ld=0x560fc4a77450) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:369 #10 ldap_result (ld=0x560fc4a77450, msgid=msgid@entry=-1, all=all@entry=0, timeout=timeout@entry=0x7ffea107bb90, result=result@entry=0x7ffea107bb88) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:120 #11 0x00007f3415b6f7be in sdap_process_result (ev=0x560fc49e2420, pvt=<optimized out>) at src/providers/ldap/sdap_async.c:233 #12 0x00007f3418433675 in tevent_common_invoke_fd_handler (fde=fde@entry=0x560fc4b07ce0, flags=1, removed=removed@entry=0x0) at ../../tevent_fd.c:142 #13 0x00007f34184373cf in epoll_event_loop (tvalp=0x7ffea107bc30, epoll_ev=0x560fc49e2700) at ../../tevent_epoll.c:737 #14 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:938 #15 0x00007f341842f6ab in std_event_loop_once (ev=0x560fc49e2420, location=0x7f3418575f10 "src/util/server.c:787") at ../../tevent_standard.c:110 #16 0x00007f3418431b88 in _tevent_loop_once (ev=ev@entry=0x560fc49e2420, location=location@entry=0x7f3418575f10 "src/util/server.c:787") at ../../tevent.c:825 #17 0x00007f3418431c7b in tevent_common_loop_wait (ev=0x560fc49e2420, location=0x7f3418575f10 "src/util/server.c:787") at ../../tevent.c:948 #18 0x00007f341842f71b in std_event_loop_wait (ev=0x560fc49e2420, location=0x7f3418575f10 "src/util/server.c:787") at ../../tevent_standard.c:141 #19 0x00007f3418552237 in server_loop (main_ctx=0x560fc49e2790) at src/util/server.c:787 #20 0x0000560fc371ebda in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:811 (gdb) frame 11 #11 0x00007f3415b6f7be in sdap_process_result (ev=0x560fc49e2420, pvt=<optimized out>) at src/providers/ldap/sdap_async.c:233 233 ret = ldap_result(sh->ldap, LDAP_RES_ANY, 0, &no_timeout, &msg); (gdb) frame 10 #10 ldap_result (ld=0x560fc4a77450, msgid=msgid@entry=-1, all=all@entry=0, timeout=timeout@entry=0x7ffea107bb90, result=result@entry=0x7ffea107bb88) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:120 120 rc = wait4msg( ld, msgid, all, timeout, result ); (gdb) frame 9 #9 wait4msg (result=0x7ffea107bb88, timeout=<optimized out>, all=0, msgid=-1, ld=0x560fc4a77450) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:369 369 rc = try_read1msg( ld, msgid, all, lc, result ); (gdb) frame 8 #8 0x00007f34173b6f52 in try_read1msg (result=0x7ffea107bb88, lc=0x560fc4ac20e0, all=0, msgid=-1, ld=0x560fc4a77450) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:919 919 ldap_return_request( ld, lr, 0 ); (gdb) frame 7 #7 0x00007f34182af955 in __GI___libc_free (mem=<optimized out>) at malloc.c:3258 3258 _int_free (ar_ptr, p, 0); (gdb) frame 6 #6 0x00007f34182ad30c in _int_free (av=0x7f34183fac80 <main_arena>, p=0x560fc4b23130, have_lock=<optimized out>) at malloc.c:4458 4458 malloc_printerr ("double free or corruption (!prev)"); (gdb) frame 8 #8 0x00007f34173b6f52 in try_read1msg (result=0x7ffea107bb88, lc=0x560fc4ac20e0, all=0, msgid=-1, ld=0x560fc4a77450) at /usr/src/debug/openldap-2.6.2-3.el9.x86_64/openldap-2.6.2/libraries/libldap/result.c:919 919 ldap_return_request( ld, lr, 0 ); (gdb) list 914 } 915 } 916 917 if ( lr != NULL ) { 918 if ( lr != &dummy_lr ) { 919 ldap_return_request( ld, lr, 0 ); 920 } 921 lr = NULL; 922 } 923 (gdb) p *ld $6 = {ldc = 0x560fc4b01110, ld_errno = 10, ld_error = 0x0, ld_matched = 0x0, ld_referrals = 0x0} (gdb) p *lr $8 = {lr_msgid = -995099056, lr_status = 22031, lr_refcnt = -995206016, lr_outrefcnt = 22030, lr_abandoned = 0, lr_origid = 40, lr_parentcnt = 4, lr_res_msgtype = 101, lr_res_errno = 0, lr_res_error = 0x0, lr_res_matched = 0x0, lr_ber = 0x0, lr_conn = 0x560fc4ac20e0, lr_dn = {bv_len = 20, bv_val = 0x560fc4affe6b "\304\017V"}, lr_parent = 0x0, lr_child = 0x560fc4adb650, lr_refnext = 0x0, lr_prev = 0x0, lr_next = 0x90} Thank you! Simon -- You are receiving this mail because: You are on the CC list for the issue.

1 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2023