Unsubscribing ~ubuntu-sponsors as it looks like this has already been uploaded.
--
https://bugs.launchpad.net/bugs/1593378

Title:
  crash in slap_bv2ad using repeated tags

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Trusty:
  Fix Committed

Bug description:
  [SRU JUSTIFICATION]

  [Impact]

  The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault when ldapsearch tries to query using multiple language tags.

  GDB output:
  ...
  Core was generated by `/usr/sbin/slapd -h ldap://<IP>:389 ldap://<IP>:389/ ldapi:/// -g o'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  ...
  (gdb) bt
  #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
  #1 0x00007f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268
  ...

  In frame #1 the 'tags' struct is corrupt.
  Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory.

  [Test Case]

  One way to reproduce the issue:

  $ ldapsearch -D "cn=<BINDDN_COMMON_NAME>,dc=<BINDDN_DOMAIN_COMPONENT>,dc=<BINDDN_DOMAIN_COMPONENT>,dc=<BINDDN_DOMAIN_COMPONENT>" -x -W -b "dc=<SEARCHPATH_DOMAIN_COMPONENT>,dc=<SEARCHPATH_DOMAIN_COMPONENT>,dc=<SEARCHPATH_DOMAIN_COMPONENT>"
  "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de
  ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-
  de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de
  ;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-
  de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn
  ;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-
  de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn
  ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-
  encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn
  ;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-
  encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de
  ;lang-encn;lang-de"

  Explanation:
  Reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch

  -D binddn
      Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value.
  -x
      Use simple authentication instead of SASL.
  -W
      Prompt for simple authentication. This is used instead of specifying the password on the command line.
  -b searchbase
      Use searchbase as the starting point for the search instead of the default.

  [Regression Potential]

  The patch is already in place in Debian & Wily and later Ubuntu release versions.
  A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue.

  [Other Info]

  Upstream OpenLDAP Bug: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9
  Upstream OpenLDAP Commit: af8f1e0 ITS#7941 fix for repeated tags
  Upstream OpenLDAP Commit Web: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0
  (The commit has been introduced first in upstream branch: OPENLDAP_REL_ENG_2_4_40~6)

  [Original Description]

  Core was generated by `/usr/sbin/slapd -h ldap://<IP>:389 ldap://<IP>:389/ ldapi:/// -g o'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
  210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
  (gdb) bt
  #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
  #1 0x00007f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268
  #2 0x00007f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=<optimized out>, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190
  #3 0x00007f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127
  #4 0x00007f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150
  #5 0x00007f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286
  #6 0x00007f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7 0x00007f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312
  #8 0x00007f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
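
Added example, not part of the bug report and not OpenLDAP's code: a simplified C model of the tag-collection loop described under [Impact], showing how counting a repeated tag without writing its slot leaves entries below the counter that later comparisons would read. The names struct tag, collect_tags, unfilled_slots and MAX_TAGS are hypothetical, and the model does not reproduce the upstream patch.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define MAX_TAGS 64
struct tag { const char *val; size_t len; };  /* stand-in for struct berval */

/* Collect the ';'-separated options of an attribute description into tags[].
 * count_dup = 1 models the flaw described above: a repeated tag still bumps
 * the counter although no slot is written. Returns the counter (-1 if full). */
int collect_tags(const char *desc, struct tag *tags, int count_dup)
{
    int ntags = 0;
    const char *opt = strchr(desc, ';');
    memset(tags, 0, MAX_TAGS * sizeof *tags);   /* unfilled slots stay NULL */
    while (opt != NULL) {
        const char *next = strchr(++opt, ';');
        size_t len = next ? (size_t)(next - opt) : strlen(opt);
        int i, dup = 0;

        for (i = 0; i < ntags && !dup; i++)
            /* The NULL test keeps this model defined; code without it hands
             * the unfilled slot's garbage pointer to strncasecmp(). */
            dup = tags[i].val != NULL && tags[i].len == len &&
                  strncasecmp(opt, tags[i].val, len) == 0;

        if (len > 0 && (!dup || count_dup)) {   /* empty options are skipped */
            if (ntags == MAX_TAGS)
                return -1;
            if (!dup) {                  /* new tag: fill the slot */
                tags[ntags].val = opt;
                tags[ntags].len = len;
            }
            ntags++;                     /* flawed path reaches this for dups */
        }
        opt = next;
    }
    return ntags;
}

/* Slots below ntags that were counted but never written. */
int unfilled_slots(const struct tag *tags, int ntags)
{
    int i, n = 0;
    for (i = 0; i < ntags; i++)
        n += tags[i].val == NULL;
    return n;
}
```

With count_dup set to 0 every slot below the returned counter is initialised, which is the invariant the duplicate check has to preserve.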