[Pkg-openldap-devel] Bug#666515: confirmed in 2.4.39-1

Ryan Tandy ryan at nardis.ca
Wed May 7 21:57:52 UTC 2014 

found 666515 2.4.39-1
tags 666515 + confirmed
thanks

Hi,

I confirm this bug in slapd in current unstable.

If I try to slapadd(8) or ldapadd(1) an LDIF using jpegPhoto in the
RDN, it gives a reasonable error message:

dn: jpegPhoto=test,dc=example,dc=com
objectClass: inetOrgPerson
cn: Ryan Tandy
sn: Tandy

ldap_add: Naming violation (64)
additional info: naming attribute 'jpegPhoto' has no equality matching rule

However, if I create a valid entry (for example, with RDN of "cn=Ryan
Tandy") and then try to use ldapmodrdn(1) to change the RDN to
"jpegPhoto=test", slapd crashes:

#0  0x00005555555a92ef in slap_modrdn2mods
(op=op at entry=0x7fffe4002680, rs=rs at entry=0x7ffff2403ab0)
    at ../../../../servers/slapd/modrdn.c:448
        desc = 0x7fffe41041c0
        mod_tmp = 0x7fffe4102ca0
        a_cnt = <optimized out>
        d_cnt = <optimized out>
        old_rdn = 0x0
        new_rdn = 0x7fffe4003090
        __PRETTY_FUNCTION__ = "slap_modrdn2mods"
#1  0x00005555555a9eb2 in do_modrdn (op=0x7fffe4002680,
rs=0x7ffff2403ab0) at ../../../../servers/slapd/modrdn.c:179
        dn = {bv_len = 31, bv_val = 0x7fffe4104337 "cn=Ryan
Tandy,dc=example,dc=com"}
        newrdn = {bv_len = 14, bv_val = 0x7fffe4104358 "jpegPhoto=test"}
        newSuperior = {bv_len = 0, bv_val = 0x0}
        deloldrdn = 0
        pnewSuperior = {bv_len = 0, bv_val = 0x0}
        nnewSuperior = {bv_len = 0, bv_val = 0x0}
        length = 0
#2  0x000055555558e6cc in connection_operation
(ctx=ctx at entry=0x7ffff2403c10, arg_v=arg_v at entry=0x7fffe4002680)
    at ../../../../servers/slapd/connection.c:1155
        rc = 80
        cancel = <optimized out>
        op = 0x7fffe4002680
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err =
0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0,
          sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0,
r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0,
              r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata =
0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}},
          sr_flags = 0}
        tag = 108
        opidx = SLAP_OP_MODRDN
        conn = 0x5555559a8c20
        memctx = 0x7fffe4002bf0
        memctx_null = 0x0
        memsiz = 1048576
        __PRETTY_FUNCTION__ = "connection_operation"
#3  0x000055555558e9e5 in connection_read_thread (ctx=0x7ffff2403c10,
argv=0x15) at ../../../../servers/slapd/connection.c:1291
        rc = <optimized out>
        cri = {op = 0x7fffe4002680, func = 0x0, arg = 0x0, ctx =
<optimized out>, nullop = <optimized out>}
        s = <optimized out>
#4  0x00007ffff799bbca in ldap_int_thread_pool_wrapper
(xpool=0x55555590baf0) at ../../../../libraries/libldap_r/tpool.c:688
        pool = 0x55555590baf0
        task = 0x7fffec0008c0
        work_list = <optimized out>
        ctx = {ltu_id = 140737257686784, ltu_key = {{ltk_key =
0x55555558c8c0 <conn_counter_init>, ltk_data = 0x7fffe4002ae0,
              ltk_free = 0x55555558c980 <conn_counter_destroy>},
{ltk_key = 0x5555555e4d30 <slap_sl_mem_init>,
              ltk_data = 0x7fffe4002bf0, ltk_free = 0x5555555e4bf0
<slap_sl_mem_destroy>}, {ltk_key = 0x5555555a2520 <slap_op_free>,
              ltk_data = 0x0, ltk_free = 0x5555555a2480
<slap_op_q_destroy>}, {ltk_key = 0x555555b57b80, ltk_data =
0x7fffe4001e00,
              ltk_free = 0x7ffff2eaa990 <bdb_reader_free>}, {ltk_key =
0x0, ltk_data = 0x7fffe4000a80, ltk_free = 0x0}, {
              ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats
23 times>, {ltk_key = 0x0, ltk_data = 0x0,
              ltk_free = 0x3a00a7cb80a3acbd}, {ltk_key = 0x0, ltk_data
= 0x7ffff5b5e128 <_L_unlock_3183+19>, ltk_free = 0x0}, {
              ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key
= 0x0, ltk_data = 0x0, ltk_free = 0x0}}}
        kctx = <optimized out>
        keyslot = <optimized out>
        hash = <optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#5  0x00007ffff5b5d062 in start_thread (arg=0x7ffff2404700) at
pthread_create.c:312
        __res = <optimized out>
        pd = 0x7ffff2404700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737257686784,
-4179547935506977603, 1, 140737354125408, 1, 140737257686784,
                4179524946678230205, 4179525311173078205},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
              prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#6  0x00007ffff5890bfd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111

I didn't see an existing ITS about this (but it's possible my search
wasn't good enough). I will forward the report upstream, if I can
reproduce it with unmodified upstream sources.

thanks,
Ryan

More information about the Pkg-openldap-devel mailing list