ryan@nardis.ca wrote:
Full_Name: Ryan Tandy
Version: HEAD
OS: Ubuntu 14.04
URL:
Submission from: (NULL) (142.32.208.226)
Debian bug report: http://bugs.debian.org/666515
Confirmed on master (at commit fcdd3a06) and RE24 (at commit 1253d7c1).
Thanks for the report. Should be fixed now in git master, please test.
ldapadd or slapadd of an entry with a naming attribute such as 'audio' or 'jpegPhoto' is rejected with a reasonable error message:
$ slapadd
dn: jpegPhoto=test,dc=example,dc=com
objectClass: inetOrgPerson
slapadd: dn="jpegPhoto=test,dc=example,dc=com" (line=1): (64) naming attribute 'jpegPhoto' has no equality matching rule
However, creating an entry with a valid DN and using ldapmodrdn to request a change of the naming attr to 'jpegPhoto' crashes slapd:
$ slapadd
dn: cn=Ryan Tandy,dc=example,dc=com
objectClass: inetOrgPerson
sn: Tandy
jpegPhoto: test

$ [start slapd...]
$ ldapmodrdn -x -D cn=root,dc=example,dc=com -W 'cn=Ryan Tandy,dc=example,dc=com' 'jpegPhoto=test'
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffd81a60700 (LWP 9095)]
0x00000000004667f3 in slap_modrdn2mods (op=0x7ffd740026b0, rs=0x7ffd81a5faf0) at modrdn.c:448
448             if( desc->ad_type->sat_equality->smr_normalize) {
(gdb) bt full
#0  0x00000000004667f3 in slap_modrdn2mods (op=0x7ffd740026b0, rs=0x7ffd81a5faf0) at modrdn.c:448
        desc = 0x9add80
        mod_tmp = 0x7ffd74002670
        a_cnt = 0
        d_cnt = 32765
        old_rdn = 0x0
        new_rdn = 0x7ffd74003090
        __PRETTY_FUNCTION__ = "slap_modrdn2mods"
#1  0x0000000000465688 in do_modrdn (op=0x7ffd740026b0, rs=0x7ffd81a5faf0) at modrdn.c:179
        dn = {bv_len = 31, bv_val = 0x7ffd74102c77 "cn=Ryan Tandy,dc=example,dc=com"}
        newrdn = {bv_len = 14, bv_val = 0x7ffd74102c98 "jpegPhoto=test"}
        newSuperior = {bv_len = 0, bv_val = 0x0}
        deloldrdn = 0
        pnewSuperior = {bv_len = 0, bv_val = 0x0}
        nnewSuperior = {bv_len = 0, bv_val = 0x0}
        length = 0
#2  0x000000000044029f in connection_operation (ctx=0x7ffd81a5fc40, arg_v=0x7ffd740026b0) at connection.c:1134
        rc = 80
        cancel = 0
        op = 0x7ffd740026b0
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0}
        tag = 108
        opidx = SLAP_OP_MODRDN
        conn = 0x7ffff7e6ae90
        memctx = 0x7ffd74002bf0
        memctx_null = 0x0
        memsiz = 1048576
        __PRETTY_FUNCTION__ = "connection_operation"
#3  0x00000000004408f8 in connection_read_thread (ctx=0x7ffd81a5fc40, argv=0x10) at connection.c:1270
        rc = 0
        cri = {op = 0x7ffd740026b0, func = 0x0, arg = 0x0, ctx = 0x7ffd81a5fc40, nullop = 0}
        s = 16
#4  0x00007ffff7b89e5e in ldap_int_thread_pool_wrapper (xpool=0x7fa480) at tpool.c:945
        pq = 0x7fa480
        pool = 0x7fa370
        task = 0x7ffd7c0008c0
        work_list = 0x7fa4f0
        ctx = {ltu_pq = 0x7fa480, ltu_id = 140726778595072, ltu_key = {{ltk_key = 0x43fd34 <conn_counter_init>, ltk_data = 0x7ffd74002ae0, ltk_free = 0x43fb86 <conn_counter_destroy>}, {ltk_key = 0x4b9a08 <slap_sl_mem_init>, ltk_data = 0x7ffd74002bf0, ltk_free = 0x4b982d <slap_sl_mem_destroy>}, {ltk_key = 0x45c06b <slap_op_free>, ltk_data = 0x0, ltk_free = 0x45bfbe <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 23 times>, {ltk_key = 0x0, ltk_data = 0xe81b289de6cb1252, ltk_free = 0x80}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}}}
        kctx = 0x0
        i = 32
        keyslot = 586
        hash = 2858034762
        pool_lock = 0
        freeme = 0
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#5  0x00007ffff5dbf062 in start_thread (arg=0x7ffd81a60700) at pthread_create.c:312
        __res = <optimized out>
        pd = 0x7ffd81a60700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140726778595072, 1720423256181903954, 1, 140737354125408, 0, 140726778595072, -1721737773892038062, -1720445005621816750}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#6  0x00007ffff5af2bfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
The problem is a dereference of the missing equality rule:
(gdb) p desc->ad_type
$1 = (AttributeType *) 0x83ec70
(gdb) p desc->ad_type->sat_equality
$2 = (MatchingRule *) 0x0
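
Added example, not part of the original report and not OpenLDAP's code: a reduced model of the dereference at modrdn.c:448 with the NULL check in place, so that a new RDN whose attribute has no equality rule is rejected with the same result code (64) and message that slapadd gives. The struct layouts, the sat_name field, the RC_* constants and normalize_new_rdn() are assumptions made for this sketch; only ad_type, sat_equality and smr_normalize come from the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the slapd structures named in the backtrace
 * (assumption: only the fields needed here; sat_name is hypothetical). */
typedef struct { int (*smr_normalize)(const char *in, char *out, size_t n); } MatchingRule;
typedef struct { const char *sat_name; MatchingRule *sat_equality; } AttributeType;
typedef struct { AttributeType *ad_type; } AttributeDescription;

#define RC_SUCCESS          0
#define RC_NAMING_VIOLATION 64   /* result code shown in the slapadd rejection */

static int copy_value(const char *in, char *out, size_t n) {
    snprintf(out, n, "%s", in);
    return RC_SUCCESS;
}

/* Constructed sample schema: cn has an equality rule, jpegPhoto has none. */
static MatchingRule caseIgnore = { copy_value };
static AttributeType at_cn = { "cn", &caseIgnore };
static AttributeType at_jpeg = { "jpegPhoto", NULL };
AttributeDescription desc_cn = { &at_cn };
AttributeDescription desc_jpeg = { &at_jpeg };

/* Guarded form of the test at modrdn.c:448: refuse the new RDN before
 * anything reads through sat_equality. */
int normalize_new_rdn(const AttributeDescription *desc, const char *val,
                      char *out, size_t outlen, char *err, size_t errlen) {
    if (desc == NULL || desc->ad_type == NULL) {
        snprintf(err, errlen, "invalid naming attribute");
        return RC_NAMING_VIOLATION;
    }
    if (desc->ad_type->sat_equality == NULL) {
        snprintf(err, errlen, "naming attribute '%s' has no equality matching rule",
                 desc->ad_type->sat_name);
        return RC_NAMING_VIOLATION;
    }
    if (desc->ad_type->sat_equality->smr_normalize)
        return desc->ad_type->sat_equality->smr_normalize(val, out, outlen);
    return copy_value(val, out, outlen);  /* rule exists but has no normalizer */
}

int main(void) {
    char out[64] = "", err[128] = "";
    int rc = normalize_new_rdn(&desc_jpeg, "test", out, sizeof out, err, sizeof err);
    printf("jpegPhoto=test -> rc=%d (%s)\n", rc, err);
    rc = normalize_new_rdn(&desc_cn, "Ryan Tandy", out, sizeof out, err, sizeof err);
    printf("cn=Ryan Tandy -> rc=%d (%s)\n", rc, out);
    return 0;
}
```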