On Sun, 2008-04-06 at 15:43 +0200, Petter Reinholdtsen wrote:
> I was also able to reproduce a crash with svn version 671 too. Here
> is the valgrind output. Notice how valgrind crashes too, I suspect
> this is because something is writing to random locations in memory.
I noticed from the valgrind output you're using etch's Glibc. Are you also using OpenLDAP from etch? How do you produce the binary (compiler, compiler flags, etc.)? (I would recommend passing --enable-debug to configure, no optimisation flags.) Anything else out of the ordinary? Which architecture are you using? Also, installing libc6-dbg should give a little more debugging information.

[...]
> ==22387== Invalid read of size 4
> ==22387==    at 0x4010E00: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x4004B78: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x4006792: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x419F21F: (within /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x400B44E: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x41A14BC: (within /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x400B44E: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x41A151D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417B26C: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417B36F: (within /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417CDF5: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
> ==22387==  Address 0x43CF478 is 24 bytes inside a block of size 27 alloc'd
> ==22387==    at 0x401D38B: malloc (vg_replace_malloc.c:149)
> ==22387==    by 0x4006B83: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x419F21F: (within /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x400B44E: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x41A14BC: (within /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x400B44E: (within /lib/ld-2.3.6.so)
> ==22387==    by 0x41A151D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417B26C: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417B36F: (within /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417CDF5: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
> ==22387==    by 0x417FC95: gethostbyname_r (in /lib/tls/libc-2.3.6.so)

This is really strange, because it happens when doing a hostname resolution (probably for the name of the LDAP server). It should be outside the scope of nslcd and before any real LDAP operations take place. Could you also include the output of nslcd in the log and some information about which commands were run to trigger the crash?

[...]
> ==22387== Thread 3:
> ==22387== Conditional jump or move depends on uninitialised value(s)
> ==22387==    at 0x401E20B: strlen (mc_replace_strmem.c:246)
> ==22387==    by 0x8050EC8: write_group (group.c:237)
> ==22387==    by 0x80511C1: nslcd_group_all (group.c:360)
> ==22387==    by 0x804ADD1: worker (nslcd.c:379)
> ==22387==    by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so)
> ==22387==    by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so)

Are you sure you're using r671? That revision does not include a strlen() call on line 237 (r634 does, btw). I have found a bug in the group code that would incorrectly handle invalid DN values. Attached is a fix for this bug (nss-ldapd-groups-invalid-dn.patch), which is also committed as r672. If this fixes the problem I would like to know what kind of DN was passed that it couldn't be parsed or looked up correctly. Attached is a patch (nss-ldapd-dn2uid-logging.patch) that should log all dn2uid() calls. Could you try that also?

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
Index: nslcd/passwd.c =================================================================== --- nslcd/passwd.c (revision 671) +++ nslcd/passwd.c (working copy) @@ -125,6 +125,8 @@ static const char *attrs[2]; int rc; const char **values; + /* log some debugging information */ + log_log(LOG_DEBUG,"dn2uid(\"%s\")",dn); /* set up attributes */ attrs[0]=attmap_passwd_uid; attrs[1]=NULL;
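Review bot: the new log_log() call in dn2uid() records the DN on entry but nothing about the outcome, so the log alone cannot show which DN failed to be parsed or looked up, which is the question this patch is meant to answer; suggest also logging at the points where dn2uid() returns NULL, e.g. `log_log(LOG_DEBUG,"dn2uid(\"%s\") failed",dn);`, or logging the result once after the lookup. Since this fires for every member DN of every group lookup, keep it at LOG_DEBUG and plan to drop it once the bad DN is identified.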
Index: nslcd/group.c =================================================================== --- nslcd/group.c (revision 671) +++ nslcd/group.c (working copy) @@ -244,8 +244,8 @@ else { /* transform the DN into a uid */ - dn2uid(session,values[i],buf+bufsz,bufalloc-bufsz); - bufsz+=strlen(buf+bufsz)+1; + if (dn2uid(session,values[i],buf+bufsz,bufalloc-bufsz)!=NULL) + bufsz+=strlen(buf+bufsz)+1; } } /* if the buffer does not contain any data, return NULL */
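Review bot: with the added NULL check, a member whose DN dn2uid() cannot map is now dropped from the group without any trace; suggest an else branch that logs it, e.g. `log_log(LOG_WARNING,"dn2uid(\"%s\") failed",values[i]);`, so administrators can see which member entries are being ignored instead of noticing missing group members. Note also that dn2uid() is handed bufalloc-bufsz as the remaining space, so if it returns NULL when that space is too small, the member is dropped the same way and is indistinguishable from an invalid DN. The old code advanced bufsz by strlen() of whatever stale or uninitialised bytes sat at buf+bufsz when dn2uid() wrote nothing, which is consistent with the uninitialised-value report from strlen() under write_group() in the valgrind output above.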
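The r672 fix above, as an added example that is not part of this thread or of nss-ldapd: a self-contained C program with a hypothetical stand-in for dn2uid() (it only parses a leading uid= RDN and does no LDAP lookup; the names dn2uid_stub, pack_members, run_lookups and entry, and the member DNs, are all constructed for this demo) that runs the member-packing loop of nslcd/group.c in its pre-r672 and post-r672 forms against a buffer reused between two lookups. It shows the phantom member the unchecked loop produces from stale bytes, and that the checked loop also silently drops a member when the remaining buffer space runs out.

```c
/* Added example, not nslcd's code: a hypothetical stand-in for dn2uid() and
 * both versions of the member-packing loop from nslcd/group.c, showing why
 * the unchecked loop picks up stale bytes when dn2uid() fails and how the
 * r672-style NULL check avoids that. */
#include <stdio.h>
#include <string.h>

/* Stand-in for dn2uid(): maps a DN whose first RDN is "uid=NAME" to NAME,
 * written into buf. Returns buf on success, NULL when the DN cannot be
 * parsed or NAME plus its NUL does not fit in buflen bytes. nslcd's real
 * function also looks the DN up in LDAP; this one only parses. */
static char *dn2uid_stub(const char *dn, char *buf, size_t buflen)
{
  const char *name, *comma;
  size_t len;
  if (dn == NULL || strncmp(dn, "uid=", 4) != 0)
    return NULL;                            /* no uid= RDN: cannot map */
  name = dn + 4;
  comma = strchr(name, ',');
  len = (comma != NULL) ? (size_t)(comma - name) : strlen(name);
  if (len == 0 || len + 1 > buflen)
    return NULL;                            /* empty name or no room left */
  memcpy(buf, name, len);
  buf[len] = '\0';
  return buf;
}

/* Constructed data: two group lookups served from one reused buffer. The
 * first leaves "mallory\0eve\0" behind; the second has a DN the stub rejects. */
static const char *previous_group[] = {
  "uid=mallory,ou=people,dc=example,dc=org",
  "uid=eve,ou=people,dc=example,dc=org" };
static const char *current_group[] = {
  "uid=alice,ou=people,dc=example,dc=org",
  "cn=bogus,ou=people,dc=example,dc=org",   /* no uid= RDN: dn2uid fails */
  "uid=bob,ou=people,dc=example,dc=org" };

static char shared_buf[64];  /* reused between lookups, like a worker buffer */
static size_t shared_sz;     /* bytes of shared_buf holding packed members */
static int last_dropped;     /* members the fixed loop could not map */

/* Return the n-th NUL-separated entry of the last packed lookup, or NULL. */
static const char *entry(int n)
{
  size_t pos = 0;
  while (pos < shared_sz)
  {
    if (n-- == 0)
      return shared_buf + pos;
    pos += strlen(shared_buf + pos) + 1;
  }
  return NULL;
}

/* Pack member names NUL-separated into buf; returns the bytes used.
 * use_fix==0 mirrors the loop before r672, use_fix!=0 mirrors the fix. */
static size_t pack_members(int use_fix, const char **dns, int ndns,
                           char *buf, size_t bufalloc)
{
  size_t bufsz = 0;
  int i;
  last_dropped = 0;
  for (i = 0; i < ndns; i++)
  {
    char *r = dn2uid_stub(dns[i], buf + bufsz, bufalloc - bufsz);
    if (use_fix && r == NULL)
    {
      last_dropped++;                       /* nothing was written: skip it */
      continue;
    }
    /* Unchecked path bug: when r is NULL, buf+bufsz still holds whatever
     * was there before (stale or uninitialised), and strlen() measures it. */
    bufsz += strlen(buf + bufsz) + 1;
  }
  return bufsz;
}

/* Serve both lookups from a bufalloc-byte prefix of shared_buf with the
 * chosen loop; returns the number of entries the second lookup produced. */
static int run_lookups(int use_fix, size_t bufalloc)
{
  int n;
  memset(shared_buf, 0, sizeof(shared_buf));  /* keeps the demo bounded */
  pack_members(use_fix, previous_group, 2, shared_buf, bufalloc);
  shared_sz = pack_members(use_fix, current_group, 3, shared_buf, bufalloc);
  for (n = 0; entry(n) != NULL; n++)
    ;
  return n;
}

int main(void)
{
  int n = run_lookups(0, sizeof(shared_buf));
  printf("unchecked: %d entries, second entry \"%s\"\n", n, entry(1));
  n = run_lookups(1, sizeof(shared_buf));
  printf("checked:   %d entries, %d dropped\n", n, last_dropped);
  return 0;
}
```

The unchecked run yields three members, "alice", "y" and "bob": the "y" is the tail of "mallory" left over from the previous lookup, counted as a member because bufsz was advanced by strlen() of bytes dn2uid() never wrote. The demo zeroes the buffer first so that strlen() is bounded; in nslcd the bytes were uninitialised, which is what valgrind flagged, and strlen() could then run past the buffer. The checked run yields "alice" and "bob" with one member dropped, and with an 8-byte buffer it drops "bob" as well because the stub reports the lack of space the same way as an invalid DN.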