(ITS#6909) High asynchronous traffic handled by back-meta causes multiple err=34 errors - openldap-bugs

14 Apr 2011

Full_Name: Diego Granados López
Version: 2.4.21
OS:  SUSE Linux Enterprise Server 10 SP3 (x86_64)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.235.15.243)
The issue arises when running a large number (200+) of asynchronous clients
issuing queries vs slapd. Back-meta is configured to use a single remote target.
Eventually, during a connection re-bind (function meta_search_dobind_init), one
thread goes into the block of code which starts on line 322:
case LDAP_SERVER_DOWN:
down:;
    	/* This is the worst thing that could happen:
    	 * the search will wait until the retry is over. */
in that block, the meta_single_conn is cleaned up inside the call:
meta_clear_one_candidate( op, mc, candidate );
Inside that function, the msc->msc_bound_ndn memory is freed
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
    	ber_memfree_x( msc->msc_bound_ndn.bv_val, NULL );
    	BER_BVZERO( &msc->msc_bound_ndn );
}
; later, the call
rc = meta_back_init_one_conn( op, rs, mc, candidate,
    			LDAP_BACK_CONN_ISPRIV( mc ), LDAP_BACK_DONTSEND, 0 );
takes the connection to a healthy state again, but the problem is that binddn &
cred vars, which had been assigned at function start,
struct berval		binddn = msc->msc_bound_ndn,
    			cred = msc->msc_cred;
are not being assigned to the new correct values, and after going into "goto
retry" call, those vars are used in the bind retry, but they are pointing still
to the previously freed memory , containing garbage).
The remote server shows the incorrect content of the dns being send:
cat /var/log/ldapfe* | grep "invalid dn ("
Apr  8 12:41:17 xx slapd[10482]: conn=47925 op=0 do_bind: invalid dn ( Iµ)
Apr  8 12:41:17 xx slapd[10482]: conn=47926 op=0 do_bind: invalid dn (àí@ª*)
Apr  8 12:41:17 xx slapd[10482]: conn=47928 op=0 do_bind: invalid dn (`úö¯ª*)
Apr  8 12:41:17 xx slapd[10482]: conn=47929 op=0 do_bind: invalid dn (0÷¯ª*)
Apr  8 12:41:17 xx slapd[10482]: conn=47927 op=0 do_bind: invalid dn (èº¬ª*)
slapd[10482]: conn=47925 fd=155 ACCEPT from IP=172.80.0.168:56451
(IP=0.0.0.0:389)
Apr  8 12:41:17 PL_2_3 slapd[10482]: conn=47925 op=0 do_bind: invalid dn ( Iµ)
Apr  8 12:41:17 PL_2_3 slapd[10482]: conn=47925 op=0 RESULT tag=97 err=34
text=invalid DN
Apr  8 12:41:17 PL_2_3 slapd[10482]: conn=47925 op=1 UNBIND
Apr  8 12:41:17 PL_2_3 slapd[10482]: conn=47925 fd=155 closed
Please find attached our proposed patch for this:

--- servers/slapd/back-meta/search.c	2011-04-11 11:23:14.000000000 +0200
+++ /home/devel/ediegra_[...]/bin/openldap-2.4.21/servers/slapd/back-meta/search.c
2011-04-14 11:21:03.000000000 +0200
@@ -363,6 +363,10 @@
if ( rc == LDAP_SUCCESS ) {
    			candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
+				binddn = msc->msc_bound_ndn;
+				cred = msc->msc_cred;
    			goto retry;
    		}
    	}
Kind regards,
Diego

    