
SEGFAULT with NULL backend suffix definition (ITS#23)



Full_Name: Alex Iliynsky
Version: 1.1.1
OS: FreeBSD 3.0/2.2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.87.68.4)


I have one problem with 1.1.1 and I think that there is a possible bug.

My configuration (Freebsd 2.2.6/3.0 - doesn't matter)

slapd.conf :

#include  %SYSCONFDIR%/slapd.at.conf
#include  %SYSCONFDIR%/slapd.oc.conf
schemacheck off
#referral ldap://ldap.itd.umich.edu

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix  ""
#suffix  "o=Your Organization Name, c=US"
directory /usr/tmp
rootdn  "cn=root, dc=home, dc=ri"
#rootdn  "cn=root, o=Your Organization Name, c=US"
rootpw  secret

ldif file for creation of  initial database:

dn: c=ru
c: ru
objectclass: country

When I issued ldapsearch "objectclass=*", the server did not respond at ALL.
On the next identical search, the server dumped core with a segfault in strcasecmp (called from
be_isroot()).

If I set ANY baseDN for the search (not NULL), the server works and responds
correctly.
I traced slapd and found that this error is caused by a corrupted value of Operation
* op in ldbm_back_search. I can't say where exactly this value is garbaged
(I am not so familiar with gdb :)
On the first call with a NULL baseDN, the server warns about a junk pointer in free() and
does not respond to the client (the pointer is garbaged after the id2entry_r call). On the
second call it fails (op was changed during ber_alloc_t()).

I've also noticed that there is some misspelling of the empty value of op->o_dn.
In op_add, if the bind dn is NULL, o_dn is set to "", but in (for example)
be_isroot, dn is checked for NULL - imnsho - this is suspicious.

Oops. I checked again and found that this error only happens if the suffix in the
database definition is set to "". If I set it to another value, everything works fine.

So - the server fails when the suffix in the database definition is set to "" and the basedn
in the search request is NULL. Even with LDAP_ALLOW_NULL_SEARCH_BASE defined.
Looks like something is wrong with the empty suffix definition.


p.s. I've found where the server responds with "junk pointer - to high to make sense" -
op_delete( &arg->co_conn->c_ops, arg->co_op ); in connection.c. Someone
altered the op value.
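The NULL-versus-"" mismatch described above, as an added example in C that is not OpenLDAP code: dn_is_empty, dn_equal_ci, is_root_dn and suffix_matches_base are hypothetical helpers showing how both representations of an absent DN can be normalised before strcasecmp() ever sees the pointer.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Added example, not OpenLDAP code. The report describes one code path
 * storing an absent bind DN as "" while another tests the DN for NULL and
 * then hands it to strcasecmp(). Treating both forms as "no DN" up front
 * removes the chance of strcasecmp(NULL, ...) on any path. */

/* A DN is "empty" whether it is absent (NULL) or the zero-length string. */
int dn_is_empty(const char *dn)
{
    return dn == NULL || dn[0] == '\0';
}

/* Case-insensitive DN comparison that never passes NULL to strcasecmp().
 * NULL and "" compare equal to each other; returns 1 when equal. */
int dn_equal_ci(const char *a, const char *b)
{
    if (dn_is_empty(a) || dn_is_empty(b))
        return dn_is_empty(a) && dn_is_empty(b);
    return strcasecmp(a, b) == 0;
}

/* Hypothetical stand-in for the root check: an empty bind DN is never root,
 * and a backend configured without a rootdn has no root at all. */
int is_root_dn(const char *bind_dn, const char *root_dn)
{
    if (dn_is_empty(bind_dn) || dn_is_empty(root_dn))
        return 0;
    return dn_equal_ci(bind_dn, root_dn);
}

/* Hypothetical stand-in for backend selection by suffix: a backend whose
 * suffix is "" covers the whole tree, so it is the only one a NULL/"" search
 * base can reach. Suffix matching is a simplified case-insensitive tail
 * compare, not real DN normalisation. */
int suffix_matches_base(const char *suffix, const char *base)
{
    if (dn_is_empty(suffix))
        return 1;                 /* "" suffix matches every base */
    if (dn_is_empty(base))
        return 0;                 /* NULL base only reaches the "" suffix */
    size_t sl = strlen(suffix), bl = strlen(base);
    if (bl < sl)
        return 0;
    return strncasecmp(base + (bl - sl), suffix, sl) == 0;
}
```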