Package: libnss-ldapd Version: 0.6 Severity: important While testing different pagesize settings (related to BTS report #474170), I was able to capture this crash. I've had nslcd crashing several times when connecting it to an Active Directory LDAP server, but been unable to get usable debug information.
I used 'pagesize 5' in this test, and ran 'id username' to get it to look up all groups. These are the valgrind reports leading up to the crash. Any idea how to avoid it? ==29874== Thread 3: ==29874== Invalid read of size 1 ==29874== at 0x401E211: strlen (mc_replace_strmem.c:246) ==29874== by 0x8050F38: write_group (group.c:237) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== by 0x40A123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so) ==29874== by 0x417949D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so) ==29874== Address 0x701D048 is 0 bytes after a block of size 432 alloc'd ==29874== at 0x401D487: realloc (vg_replace_malloc.c:306) ==29874== by 0x8050EE0: write_group (group.c:215) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== by 0x40A123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so) ==29874== by 0x417949D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so) ==29874== ==29874== Invalid read of size 1 ==29874== at 0x401E208: strlen (mc_replace_strmem.c:246) ==29874== by 0x8050F38: write_group (group.c:237) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== by 0x40A123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so) ==29874== by 0x417949D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so) ==29874== Address 0x701D059 is not stack'd, malloc'd or (recently) free'd ==29874== ==29874== Invalid write of size 1 ==29874== at 0x401E9A0: strcpy (mc_replace_strmem.c:272) ==29874== by 0x80542C4: dn2uid (passwd.c:156) ==29874== by 0x8050F2E: write_group (group.c:236) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== by 0x40A123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so) ==29874== by 0x417949D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so) ==29874== Address 0x701D08E is 22 bytes inside a block of size 27 free'd ==29874== at 0x401CFA5: free (vg_replace_malloc.c:233) ==29874== by 0x41E6749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==29874== by 0x4062E50: ldap_avafree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x4062EC7: ldap_rdnfree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x4062F27: ldap_dnfree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x40662B0: ldap_explode_dn (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x804B8C2: get_exploded_rdn (myldap.c:1153) ==29874== by 0x804BA6F: myldap_cpy_rdn_value (myldap.c:1209) ==29874== by 0x805421D: dn2uid (passwd.c:132) ==29874== by 0x8050F2E: write_group (group.c:236) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== ==29874== Invalid write of size 1 ==29874== at 0x401E9A9: strcpy (mc_replace_strmem.c:272) ==29874== by 0x80542C4: dn2uid (passwd.c:156) ==29874== by 0x8050F2E: write_group (group.c:236) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== by 0x40A123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so) ==29874== by 0x417949D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so) ==29874== Address 0x701D090 is 24 bytes inside a block of size 27 free'd ==29874== at 0x401CFA5: free (vg_replace_malloc.c:233) ==29874== by 0x41E6749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==29874== by 0x4062E50: ldap_avafree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x4062EC7: ldap_rdnfree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x4062F27: ldap_dnfree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x40662B0: ldap_explode_dn (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x804B8C2: get_exploded_rdn (myldap.c:1153) ==29874== by 0x804BA6F: myldap_cpy_rdn_value (myldap.c:1209) ==29874== by 0x805421D: dn2uid (passwd.c:132) ==29874== by 0x8050F2E: write_group (group.c:236) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== ==29874== Invalid write of size 1 ==29874== at 0x401E9AD: strcpy (mc_replace_strmem.c:272) ==29874== by 0x80542C4: dn2uid (passwd.c:156) ==29874== by 0x8050F2E: write_group (group.c:236) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) ==29874== by 0x40A123F: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so) ==29874== by 0x417949D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so) ==29874== Address 0x701D094 is 1 bytes after a block of size 27 free'd ==29874== at 0x401CFA5: free (vg_replace_malloc.c:233) ==29874== by 0x41E6749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==29874== by 0x4062E50: ldap_avafree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x4062EC7: ldap_rdnfree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x4062F27: ldap_dnfree (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x40662B0: ldap_explode_dn (in /usr/lib/libldap_r.so.2.0.130) ==29874== by 0x804B8C2: get_exploded_rdn (myldap.c:1153) ==29874== by 0x804BA6F: myldap_cpy_rdn_value (myldap.c:1209) ==29874== by 0x805421D: dn2uid (passwd.c:132) ==29874== by 0x8050F2E: write_group (group.c:236) ==29874== by 0x8051231: nslcd_group_all (group.c:360) ==29874== by 0x804ADB1: worker (nslcd.c:363) --29874-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting --29874-- si_code=1; Faulting address: 0x73020260; sp: 0x63BCBDEC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
