[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#9128) Fix for slapd-mdb start Bus Error in strchrlen
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#9128) Fix for slapd-mdb start Bus Error in strchrlen
- From: hyc@symas.com
- Date: Wed, 04 Dec 2019 20:51:56 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
requate@univention.de wrote:
> Full_Name: Arvid Requate
> Version: 2.4.45
> OS: UCS / Debian Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (92.210.162.23)
>
>
> In our CI tests we observed a situation where the slapd-mdb failed to start,
> terminating due to a "bus error" and slapcat showed the same behaviour. I turned
> out that the data.mdb file had an "Attribute;option" string right at the end of
> it and strchrlen tried to access a memory location past the end of the page
> while scanning for another ';', see stack trace down below.
Thanks for the report, fix applied to master.
>
> This patch fixed the issue for us:
> =========================================================
> Author: Arvid Requate <requate@univention.de>
> Date: Tue Dec 3 23:33:10 2019 +0100
>
> Avoid bus error with slapd-mdb/slapcat
>
> diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c
> index 801f18d34..31a94a725 100644
> --- a/servers/slapd/ad.c
> +++ b/servers/slapd/ad.c
> @@ -145,7 +145,7 @@ static char *strchrlen(
> {
> const char *p;
>
> - for( p=beg; *p && p < end; p++ ) {
> + for( p=beg; p < end && *p; p++ ) {
> if( *p == ch ) {
> *len = p - beg;
> return (char *) p;
> =========================================================
>
> This is the stack trace:
> =========================================================
> $ gdb slapcat
> bt
> #0 0x00005555555d0dc4 in strchrlen (len=<synthetic pointer>, ch=59 ';',
> end=0x7fff6bd62000 <error: Cannot access memory at address 0x7fff6bd62000>,
> beg=0x7fff6bd61ff5 "entry-de-de"<error: Cannot access memory at address
> 0x7fff6bd62000>) at ../../../../servers/slapd/ad.c:148
> #1 slap_bv2ad (bv=bv@entry=0x7fffffffdbe0, ad=ad@entry=0x7fffffffdbb8,
> text=text@entry=0x7fffffffdbb0) at ../../../../servers/slapd/ad.c:224
> #2 0x00007fffee70e043 in mdb_ad_read (mdb=mdb@entry=0x555555a58240,
> txn=<optimized out>) at ../../../../../servers/slapd/back-mdb/attr.c:573
> #3 0x00007fffee6fe4ad in mdb_db_open (be=0x7fffffffdd90, cr=0x7fffffffdf80) at
> ../../../../../servers/slapd/back-mdb/init.c:263
> #4 0x00005555555fa601 in over_db_open (be=<optimized out>, cr=0x7fffffffdf80)
> at ../../../../servers/slapd/backover.c:149
> #5 0x000055555559a317 in backend_startup_one (be=be@entry=0x555555a580a0,
> cr=cr@entry=0x7fffffffdf80) at ../../../../servers/slapd/backend.c:224
> #6 0x000055555559a4cb in backend_startup (be=be@entry=0x555555a580a0) at
> ../../../../servers/slapd/backend.c:278
> #7 0x00005555555bc0e1 in slap_startup (be=0x555555a580a0) at
> ../../../../servers/slapd/init.c:219
> #8 0x00005555555ffc84 in slap_tool_init (progname=progname@entry=0x55555561d2c1
> "slapcat", tool=tool@entry=2, argc=<optimized out>, argv=<optimized out>) at
> ../../../../servers/slapd/slapcommon.c:908
> #9 0x00005555555fec90 in slapcat (argc=<optimized out>, argv=<optimized out>)
> at ../../../../servers/slapd/slapcat.c:53
> #10 0x0000555555570867 in main (argc=1, argv=0x7fffffffe568) at
> ../../../../servers/slapd/main.c:410
> =========================================================
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/