[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Tags removed: sts-sru -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Released Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list:
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu8.3 --- openldap (2.4.31-1+nmu2ubuntu8.3) trusty; urgency=medium * Fix segfault issue in slap_bv2ad (LP: #1593378) - d/p/its-7941-fix-for-repeated-tags.patch: Cherry picked patch from upstream VCS. -- Eric DesrochersFri, 24 Jun 2016 11:05:23 +0200 ** Changed in: openldap (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Released Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
The following has been brought to my attention by a user : "I got verification from the system test, the fix solves the ldap issue. Thank you for the fix" -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Committed Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Committed Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to:
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
Unsubscribing ~ubuntu-sponsors as it looks like this has already been uploaded. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Committed Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to:
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Tags removed: sts-sponsor -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Committed Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list:
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
Hello Eric, or anyone else affected, Accepted openldap into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu8.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: openldap (Ubuntu Trusty) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: Fix Committed Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830,
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
The user that originally reported the issue on Ubuntu package have tested a "Test package". The "Test package" I have builded can be found here : ppa:slashd/fix1593378. Users feedback : "We tested the hotfix and looks like it works, the sldap on the CIC with the fix didn`t crash." Eric ** Description changed: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. + A hotfix has been tested by the user that originally reported the issue. + The hotfix solves the issue. + [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title:
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
Here's the debdiff for Trusty which is a cherry picked patch from upstream VCS. ** Patch added: "lp1593378_trusty.debdiff" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+attachment/4687422/+files/lp1593378_trusty.debdiff ** Changed in: openldap (Ubuntu Trusty) Status: New => In Progress ** Tags added: ubuntu-sponsors ** Tags added: patch sts-sponsor sts-sru -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: In Progress Bug description: [SRU JUSTIFICATION] [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 ... In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. [Test Case] One way to reproduce the issue : $ ldapsearch -D "cn=,dc=,dc=,dc=" -x -W -b "dc=,dc=,dc=" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang- de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de ;lang-encn;lang-de" Explanation : Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch -D binddn Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value. -x Use simple authentication instead of SASL. -W Prompt for simple authentication. This is used instead of specifying the password on the command line. -b searchbase Use searchbase as the starting point for the search instead of the default. [Regression Potential] The patch is already in place in Debian & Wily and late Ubuntu release version. [Other Info] Upstream OpenLDAP Bug : http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 Upstream OpenLDAP Commit : af8f1e0 ITS#7941 fix for repeated tags Upstream OpenLDAP Commit Web : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 (The commit has been introduced first in upstream branch : OPENLDAP_REL_ENG_2_4_40~6) [Original Description] Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Description changed: + [Impact] + + The effect of the bug on users is that the program (slapd) terminated + with signal SIGSEGV, Segmentation fault when ldapsearch tries to query + using multiple language tags. + + + GDB output: + ... + Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. + Program terminated with signal SIGSEGV, Segmentation fault. + ... + + (gdb) bt + #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 + #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 + ... + + In frame #1 the 'tags' struct is corrupt. + + Line #272 checks for duplication and jumps to the done label (line #294) + when a duplicate is found. The code increases 'ntags' without filling in + the tags struct with values. In later iterations this could lead to + copying and using uninitialised memory. + + [Test Case] + + One way to reproduce the issue : + + $ ldapsearch -D + "cn=,dc=,dc=,dc=" + -x -W -b + "dc=,dc=,dc=" + "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- + encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- + encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn + ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn + ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn + ;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn;lang-de + ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de + ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de + ;;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- + encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang- + encn;lang-de;lang-encn;lang-de;lang-encn;lang-de" + + Explanation : + + Reference: + http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch + + -D binddn + Use the Distinguished Name binddn to bind to the LDAP directory. + For SASL binds, the server is expected to ignore this value. + + -x + Use simple authentication instead of SASL. + + -W + Prompt for simple authentication. This is used instead of + specifying the password on the command line. + + -b searchbase + Use searchbase as the starting point for the search instead of the default. + + + [Regression Potential] + + The patch is already in place in Debian & Wily and late Ubuntu release + version. + + [Other Info] + + Upstream OpenLDAP Bug : + http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9 + + Upstream OpenLDAP Commit : + af8f1e0 ITS#7941 fix for repeated tags + + Upstream OpenLDAP Commit Web : + http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0 + + (The commit has been introduced first in upstream branch : + OPENLDAP_REL_ENG_2_4_40~6) + + [Original Description] + Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) - at ../../../../servers/slapd/filter.c:190 + at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 ** Description changed: + [SRU JUSTIFICATION] + [Impact] The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags. - GDB output: ... Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. ... (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 - #1 0x7f674ae8cab2 in
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Changed in: openldap (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Trusty: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Changed in: openldap (Ubuntu Trusty) Assignee: (unassigned) => Eric Desrochers (slashd) ** Tags added: sts ** Changed in: openldap (Ubuntu Trusty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: New Status in openldap source package in Trusty: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Also affects: openldap (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: New Status in openldap source package in Trusty: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
In frame #1 (gdb) p tags $2 = {{bv_len = 7, bv_val = 0x7f672c104866 "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c10486e "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 0, bv_val = 0x0}, {bv_len = 7, bv_val = 0x7f672c10488a "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c104880 "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 0, bv_val = 0x0}, {bv_len = 7, bv_val = 0x7f672c10489c "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c1048a4 "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 0, bv_val = 0x0}, {bv_len = 7, bv_val = 0x7f672c1048c0 "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c1048b6 "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 2, bv_val = 0x7f6741e0df70 "240.0.0.2"}, {bv_len = 7, bv_val = 0x7f672c1048d2 "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c1048da "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 0, bv_val = 0x0}, {bv_len = 7, bv_val = 0x7f672c1048f6 "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c1048ec "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 0, bv_val = 0x0}, {bv_len = 7, bv_val = 0x7f672c104908 "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c104910 "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 0, bv_val = 0x0}, {bv_len = 7, bv_val = 0x7f672c10492c "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c104922 "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 140081463615264, bv_val = 0x7f67495df48b <__GI_getaddrinfo+1915> "H\213\205\300\376\377\377H\205\300\017\204\216\001"}, {bv_len = 7, bv_val = 0x7f672c10493e "lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;la"...}, {bv_len = 9, bv_val = 0x7f672c104946 "lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;la"...}, {bv_len = 140081589971545, bv_val = 0x7f67495594ea <_IO_vfprintf_internal+2042>
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Eric Desrochers (slashd) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
** Changed in: openldap (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1593378] Re: crash in slap_bv2ad using repeated tags
I think this upstream commit could be a possible candidate to fix that issue : commit 0659ef45d486b5daaafc020cb67b561a8029036d Author: Howard ChuDate: Thu Sep 18 00:33:33 2014 +0100 ITS#7941 fix for repeated tags Make sure ntags isn't incremented if we're skippnig the tag diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index 78a8b15..246b900 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -271,6 +271,7 @@ int slap_bv2ad( if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) { /* duplicate (ignore) */ + ntags--; goto done; } else if ( rc > 0 || -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1593378 Title: crash in slap_bv2ad using repeated tags Status in openldap package in Ubuntu: New Bug description: Core was generated by `/usr/sbin/slapd -h ldap://:389 ldap://:389/ ldapi:/// -g o'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory. (gdb) bt #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210 #1 0x7f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268 #2 0x7f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190 #3 0x7f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127 #4 0x7f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150 #5 0x7f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286 #6 0x7f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312 #8 0x7f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp