[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4898) slapd crashes when no structural object class provided



Full_Name: Ben Lentz
Version: 2.3.34
OS: Fedora Core 3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (12.169.82.130)


Background:
This is a heavily modified RPM build of the 2.2.17 release which came standard
with Fedora Core 3.

Versions:
OpenLDAP 2.3.34, gcc-3.4.4, glibc-2.3.6, db4-4.2.52

Build:
./configure --enable-ldbm -with-ldbm-api=berkeley --enable-bdb --enable-ldap
--enable-meta --enable-monitor --enable-null --enable-rewrite --disable-shared
--with-kerberos=k5only --with-cyrus-sasl

Configuration:
/etc/openldap/slapd.conf: database ldbm
/usr/sbin/slapd -u ldap -h "ldap:///"; -d 1 &

Issue:
Client executes something dumb, causing a "No structural object class" error:
ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret
dn: dc=my-domain,dc=com
objectClass: top
objectClass: dcObject
dc: my-domain
^D

slapd output (crash):
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 79 contents:
ber_get_next
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <dc=my-domain,dc=com>
<<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com>
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
dn2entry_r: dn: "dc=my-domain,dc=com"
=> dn2id( "dc=my-domain,dc=com" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id NOID
entry failed op attrs add: no structural object class provided (65)
slapd: ../../../../servers/slapd/back-ldbm/cache.c:111: cache_return_entry_rw:
Assertion `e->e_private != ((void *)0)' failed.

[1]+  Aborted                 /usr/sbin/slapd -u ldap -h "ldap:///"; -d 1

ldapadd output:
adding new entry "dc=my-domain,dc=com"
ldap_result: Can't contact LDAP server (-1)

Is there something wrong with my build or runtime environment that would cause
this? I am mostly concerned that this is a "minor security issue", e.g. server
bugs which clients can use to deny services to others. I am looking to upgrade
several production servers from 2.2.17 to 2.3.34 and need to ensure that things
are as stable as possible beforehand.

I can provide more detailed information (versions, straces, cores, etc.) upon
request.

Thanks for any insight you can provide.