Full_Name: Quanah Gibson-Mount
Version: 2.4.23
OS: Mac OSX 10.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.45.108)

When querying AD from a Mac, we found that we can segfault ldapsearch. This segfault does not happen when running the same query from Linux. Here is the backtrace:
(gdb) thr apply all bt full

Thread 1 (core thread 0):
#0  0x00007fff80697180 in strlen ()
No symbol table info available.
#1  0x000000010008ae22 in ber_put_string (ber=0x100401480, str=0x686372616573 <Address 0x686372616573 out of bounds>, tag=18446744073709551615) at encode.c:273
No locals.
#2  0x000000010008be20 in ber_printf (ber=0x100401480, fmt=0x10005f5e4 "s{") at encode.c:575
        ap = {{
            gp_offset = 24,
            fp_offset = 48,
            overflow_arg_area = 0x7fff5fbfeb00,
            reg_save_area = 0x7fff5fbfea40
          }}
        s = 0x686372616573 <Address 0x686372616573 out of bounds>
        ss = (char **) 0x0
        bv = (struct berval *) 0x0
        bvp = (struct berval **) 0x7fff8069dc3b
        rc = 0
        i = 584234
        len = 140734799800880
#3  0x00000001000586d8 in ldap_create_deref_control_value (ld=0x100401130, ds=0x100400130, value=0x100016a20) at deref.c:68
        j = 1
        ber = (BerElement *) 0x100401480
        tag = 18
        i = 1
        __func__ = "\000\000\000\000\000\000\000Critical extension is una"
#4  0x0000000100003a28 in main (argc=13, argv=0x7fff5fbff4f8) at ldapsearch.c:1090
        i = 0
        filtpattern = 0x7fff5fbff739 "(CN=SE-EMEA-OEM)"
        attrs = (char **) 0x7fff5fbff558
        line = '\0' <repeats 504 times>, "ᅵᅵᅵ_ï¿œ\000\000ᅵᅵ_ï¿œ\000\000\006\003ᅵᅵᅵ\000\000\000ï¿œ_ï¿œ\000\000ï¿œ&ï¿œ_ï¿œ", '\0' <repeats 18 times>, "ᅵᅵᅵ_ï¿œ\000\000\020ï¿œ_ï¿œ\000\000ᅵᅵ_ï¿œ\000\000ï¿œ\005ï¿œ_ï¿œ\000\000ᅵᅵ~L\000\000\000\000=ï¿œ\002\000ï¿œ\000\000ï¿œ\000\000\000̹ᅵT\035ï¿œ_ᅵᅵdYhMï¿œ6T{ï¿œbjï¿œ\033\020v:ï¿œ*ï¿œb7\003a/ï¿œMᅵᅵᅵᅵᅵᅵ8ï¿œLᅵᅵXï¿œ\025CᅵԶ&Úxï¿œ6cï¿œOᅵᅵDpb*\030\tdᅵᅵᅵ^biï¿œ}ᅵᅵ&ï¿œyï¿œfï¿œq"...
        fp = (FILE *) 0x0
        rc = 0
        rc1 = 0
        i = 0
        first = 0
        ld = (LDAP *) 0x100401130
        seber = (BerElement *) 0x0
        vrber = (BerElement *) 0x0
        syncber = (BerElement *) 0x0
        syncbvalp = (struct berval *) 0x0
        err = 0

Something seems to be wrong with the parsing of the deref control in ldapsearch.c; can you provide the command-line?

Thanks, p.

Search was:
/opt/zimbra/openldap/bin/ldapsearch -LLL -D ... -w ... -H ldap://...:3268 -x -E deref=member:mail "(CN=test)" mail
Segmentation fault (core dumped)