(ITS#8085) Segfault on ppc64 caused by commit 6ad38fef3fe63ff86c1e6cff3c6330353b21cc24 - openldap-bugs

19 Mar 2015

Full_Name: Jan Synacek
Version: master
OS: GNU/Linux
URL: 
Submission from: (NULL) (213.175.37.10)
On PPC64, slapd segfaults on startup when using mdb as the backend.
Reproducer:
1) ./configure && make && make install STRIP=""
2) slapd -d1 -h "ldap:/// ldapi:///" -f slapd.conf
$ cat slapd.conf
include         /etc/opldldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database  mdb
directory       /var/lib/ldap/
suffix          dc=foo,dc=bar,dc=com
rootdn          "cn=Manager,dc=foo,dc=bar,dc=com"
# password is 'x'
rootpw          {SSHA}tOSmeQCcYIm1S9ujgpg2Km5rpUnR9dRBD%D
There seems to be a program memory corruption, since the backtrace doesn't make
any sense and valgrind reports "Illegal instruction".
gdb --args -d1 -h "ldap:/// ldapi:///" -f slapd.conf
...
(gdb) r
...
Program received signal SIGSEGV, Segmentation fault.
0x000000001014b98c in 000006ae.plt_call.pthread_mutex_unlock@@GLIBC_2.3+0 ()
(gdb) bt
#0  0x000000001014b98c in 000006ae.plt_call.pthread_mutex_unlock@@GLIBC_2.3+0
()
#1  0x000000001014d79c in mdb_env_open (env=0x1034a4e0, path=0x102d5250
"/var/lib/ldap/", flags=536870912, mode=<value optimized out>) at
./../../../libraries/liblmdb/mdb.c:4540
#2  0x00000000100b91d4 in mdb_db_open (be=0x102b02c0, cr=0xfffffffe9a0) at
init.c:174
#3  0x000000001003c130 in backend_startup_one (be=0x102b02c0, cr=0xfffffffe9a0)
at backend.c:224
#4  0x000000001003c58c in backend_startup (be=0x102b02c0) at backend.c:330
#5  0x000000001005d650 in slap_startup (be=0x0) at init.c:220
#6  0x0000000010009b88 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:997
(gdb) up
#1  0x000000001014d79c in mdb_env_open (env=0x1034a4e0, path=0x102d5250
"/var/lib/ldap/", flags=536870912, mode=<value optimized out>) at
./../../../libraries/liblmdb/mdb.c:4540
4540		env->me_path = strdup(path);
I bisected the problem and the following commit is the problem:
commit 6ad38fef3fe63ff86c1e6cff3c6330353b21cc24
Author: Howard Chu hyc@openldap.org
Date:   Wed Jan 14 19:05:17 2015 +0000
Fix typo in 45146ba21a9ee494e7058ca7a173fcc6b27df744

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 46d1c6d..08e733f 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -1826,7 +1826,7 @@ UTF8StringValidate(
                if( LDAP_UTF8_OFFSET( (char *)u ) != len ) return
LDAP_INVALID_SYNTAX;
        }
-       if( u >= len ) {
+       if( u > end ) {
                return LDAP_INVALID_SYNTAX;
        }
This problem is already present in 2.4.40, but absent in 2.4.39.

    