Full_Name: Hallvard B Furuseth Version: HEAD, RE23 OS: Linux URL: Submission from: (NULL) (129.240.202.105) Submitted by: hallvard
syncprov + back-ldap, and presumably + back-meta if that were used, give an array bounds violation in test045-syncreplication-proxied:
syncprov_db_open() uses connection_fake_init(), which sets op->o_tag=0. It passes op to back-ldap.
ldap_back_op_result() assumes op is a known LDAP request: It calls slap_req2op() and gets SLAP_OP_LAST (for unknown tag). That is used as an index into ldapinfo_t.li_timeout[], which has size SLAP_OP_LAST.
back-meta/bind.c does the same in meta_back_bind_op_result() and meta_back_op_result().
HEAD backtrace, from an assert(0) I put in slap_req2op():
#3 0x003d8d91 in __assert_fail () from /lib/tls/libc.so.6 #4 0x0809ac0e in slap_req2op (tag=0) at operation.c:203 #5 0x0816dba8 in ldap_back_op_result (lc=0x83a12f8, op=0xbfffe948, rs=0xbfffe70c, msgid=1, timeout=-1, sendok=20) at bind.c:1582 #6 0x0816d727 in ldap_back_dobind_int (lcp=0xbfffe760, op=0xbfffe948, rs=0xbfffe70c, sendok=LDAP_BACK_GETCONN, retries=0, dolock=1) at bind.c:1411 #7 0x0816d814 in ldap_back_dobind (lcp=0xbfffe760, op=0xbfffe948, rs=0xbfffe70c, sendok=LDAP_BACK_DONTSEND) at bind.c:1440 #8 0x0812921a in ldap_back_entry_get (op=0xbfffe948, ndn=0x833b2a8, oc=0x0, at=0x82ec610, rw=0, ent=0xbfffe944) at search.c:790 #9 0x080f7a55 in overlay_entry_get_ov (op=0xbfffe948, dn=0x833b2a8, oc=0x0, ad=0x82ec610, rw=0, e=0xbfffe944, on=0x0) at backover.c:365 #10 0x081bd9da in syncprov_db_open (be=0x833a8a0) at syncprov.c:2550 #11 0x080f70b2 in over_db_func (be=0x833a8a0, which=db_open) at backover.c:61 #12 0x080f74c9 in over_db_open (be=0x833a8a0) at backover.c:174 #13 0x08092515 in backend_startup_one (be=0x833a8a0) at backend.c:212 #14 0x080929a2 in backend_startup (be=0x833a8a0) at backend.c:303 #15 0x080b9a94 in slap_startup (be=0x0) at init.c:243 #16 0x0806719d in main (argc=8, argv=0xbfffef14) at main.c:919
-
h.b.furuseth@usit.uio.no