I got a segfault with the latest cvs and I think it's related to this ITS. It happened when slapd was evaluating the acl pattern.
by dn.exact,expand="uid=$1,ou=people,dc=domain,dc=gr" write
The relevant info from the debugger was:
<= check a_dn_pat: uid=1,ou=people,dc=domain,dc=gr
t@3 (l@3) signal SEGV (no mapping at the fault address) in acl_mask_dn at line 914 in file "acl.c"
  914                   val->bv_val, tmp_matchesp ) )
/SCRATCH/NG/ldap.devel-2.4/UOAldap.sources/openldap-cvs-20081128/servers/slapd>
/SCRATCH/NG/ldap.devel-2.4/UOAldap.sources/openldap-cvs-20081128/servers/slapd>
/SCRATCH/NG/ldap.devel-2.4/UOAldap.sources/openldap-cvs-20081128/servers/slapd>where
current thread: t@3
=>[1] acl_mask_dn(op = 0x3e4440, e = 0x3b217c, val = (nil), a = 0x36c118, matches = 0xfcffde64, bdn = 0x36cfd0, opndn = 0x3e44dc), line 914 in "acl.c"
  [2] slap_acl_mask(a = 0x36c118, mask = 0xfcfff138, op = 0x3e4440, e = 0x3b217c, desc = 0x322698, val = (nil), matches = 0xfcffde64, count = 5, state = 0xfcffde48, access = ACL_WADD), line 1184 in "acl.c"
  [3] slap_access_allowed(op = 0x3e4440, e = 0x3b217c, desc = 0x322698, val = (nil), access = ACL_WADD, state = 0xfcffde48, maskp = 0xfcfff3e0), line 297 in "acl.c"
  [4] fe_access_allowed(op = 0x3e4440, e = 0x3b217c, desc = 0x322698, val = (nil), access = ACL_WADD, state = (nil), maskp = 0xfcfff3e0), line 359 in "acl.c"
  [5] over_access_allowed(op = 0x3e4440, e = 0x3b217c, desc = 0x322698, val = (nil), access = ACL_WADD, state = (nil), maskp = 0xfcfff3e0), line 312 in "backover.c"
  [6] access_allowed_mask(op = 0x3e4440, e = 0x3b217c, desc = 0x322698, val = (nil), access = ACL_WADD, state = (nil), maskp = (nil)), line 462 in "acl.c"
  [7] bdb_add(op = 0x3e4440, rs = 0xfcfffcb0), line 284 in "add.c"
  [8] fe_op_add(op = 0x3e4440, rs = 0xfcfffcb0), line 334 in "add.c"
  [9] overlay_op_walk(op = 0x3e4440, rs = 0xfcfffcb0, which = op_add, oi = 0x3614f8, on = (nil)), line 670 in "backover.c"
  [10] over_op_func(op = 0x3e4440, rs = 0xfcfffcb0, which = op_add), line 722 in "backover.c"
  [11] over_op_add(op = 0x3e4440, rs = 0xfcfffcb0), line 768 in "backover.c"
  [12] do_add(op = 0x3e4440, rs = 0xfcfffcb0), line 194 in "add.c"
  [13] connection_operation(ctx = 0xfcfffe0c, arg_v = 0x3e4440), line 1090 in "connection.c"
  [14] connection_read_thread(ctx = 0xfcfffe0c, argv = 0xd), line 1216 in "connection.c"
  [15] ldap_int_thread_pool_wrapper(xpool = 0x326dd0), line 663 in "tpool.c"
Turns out 'val' is nil and it doesn't seem like there's any check for that. Maybe naive fix:
=================================================================== RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/acl.c,v retrieving revision 1.347 diff -u -r1.347 acl.c --- servers/slapd/acl.c 16 Nov 2008 02:22:27 -0000 1.347 +++ servers/slapd/acl.c 28 Nov 2008 14:28:34 -0000 @@ -911,7 +911,7 @@
if ( acl_string_expand( &bv, &bdn->a_pat, e->e_nname.bv_val, - val->bv_val, tmp_matchesp ) ) + (val?val->bv_val:NULL), tmp_matchesp ) ) { return 1; }
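Review bot: the new argument (val?val->bv_val:NULL) removes the NULL dereference at acl.c line 914, but it now passes a NULL value string into acl_string_expand, and nothing in this hunk shows that function accepting NULL for that parameter. Either confirm that acl_string_expand handles a NULL value on every path that reads it, or test val before the call and decide explicitly what a dn.exact,expand pattern should do when there is no value; the trace shows val = (nil) arriving from the ACL_WADD check in bdb_add, so this path is reached on ordinary add operations. Style point: the surrounding lines put spaces around operators and inside parentheses, so ( val ? val->bv_val : NULL ) would match.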