SEGFAULT with NULL backend suffix definition (ITS#23)
Full_Name: Alex Iliynsky
Version: 1.1.1
OS: FreeBSD 3.0/2.2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.87.68.4)
I have one problem with 1.1.1 and I think that there is a possible bug.
My configuration (FreeBSD 2.2.6/3.0 - doesn't matter)
slapd.conf :
#include %SYSCONFDIR%/slapd.at.conf
#include %SYSCONFDIR%/slapd.oc.conf
schemacheck off
#referral ldap://ldap.itd.umich.edu
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix ""
#suffix "o=Your Organization Name, c=US"
directory /usr/tmp
rootdn "cn=root, dc=home, dc=ri"
#rootdn "cn=root, o=Your Organization Name, c=US"
rootpw secret
LDIF file for creation of the initial database:
dn: c=ru
c: ru
objectclass: country
When I issued ldapsearch "objectclass=*" the server did not respond at ALL.
On the next identical search the server dumped with a segfault in strcasecmp
(called from be_isroot()).
If I set ANY baseDN for the search (not NULL), the server works and responds
correctly.
I traced slapd and found that this error is caused by a bad value of Operation
*op in ldbm_back_search. I can't say where exactly this value is garbaged
(I am not so familiar with gdb :)
On the first call with a NULL baseDN, the server warns about a junk pointer in
free() and does not respond to the client (the pointer is garbaged after the
id2entry_r call). On the second call it fails (op was changed during
ber_alloc_t()).
I've also noticed that there is some misspelling of the empty value of op->o_dn:
in op_add, if the bind dn is NULL, o_dn is set to "", but in (for example)
be_isroot, dn is checked for NULL - imnsho - this is suspicious.
Oops. I checked again and found that this error only happens if the suffix in
the database definition is set to "". If I set it to another value, everything
works fine.
So - the server fails when the suffix in the database definition is set to ""
and the basedn in the search request is NULL. Even with the
LDAP_ALLOW_NULL_SEARCH_BASE define.
Looks like something is wrong with the empty suffix definition.
P.S. I've found where the server responds with "junk pointer - too high to make
sense" -
op_delete( &arg->co_conn->c_ops, arg->co_op ); in connection.c. Someone
altered the op value.
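
Added example, not part of the original report and not OpenLDAP code: a root-DN check and a suffix match that treat NULL and "" as the same "no DN" value, so strcasecmp() never receives a NULL pointer whichever spelling a caller uses. The struct and function names are hypothetical, and DNs are assumed to be already normalized (no spaces after commas). It illustrates the NULL versus "" inconsistency noted in the report, not the cause of the corrupted op pointer.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for a backend definition; not OpenLDAP's struct. */
struct backend_cfg {
    const char *rootdn;  /* NULL when no rootdn is configured */
    const char *suffix;  /* "" means the backend holds the whole tree */
};

/* Collapse the two spellings of "no DN" (NULL and "") into one. */
static const char *dn_or_empty(const char *dn)
{
    return dn != NULL ? dn : "";
}

/* Root check that never passes NULL to strcasecmp(). An empty or missing
 * DN is anonymous and is never root, even if rootdn is also empty. */
int is_root(const struct backend_cfg *be, const char *dn)
{
    const char *bound = dn_or_empty(dn);
    const char *root = dn_or_empty(be->rootdn);

    if (*bound == '\0' || *root == '\0')
        return 0;
    return strcasecmp(bound, root) == 0;
}

/* Suffix match for normalized DNs. An empty suffix matches every DN,
 * including a NULL or empty search base. */
int is_under_suffix(const struct backend_cfg *be, const char *dn)
{
    const char *base = dn_or_empty(dn);
    const char *suffix = dn_or_empty(be->suffix);
    size_t blen = strlen(base), slen = strlen(suffix);

    if (slen == 0)
        return 1;
    if (slen > blen)
        return 0;
    /* The match must start at an RDN boundary, not mid-attribute. */
    if (blen > slen && base[blen - slen - 1] != ',')
        return 0;
    return strcasecmp(base + blen - slen, suffix) == 0;
}
```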