
Bug 453185

Summary: Not easily reproducible crash in password change
Product: [Retired] freeIPA
Component: ipa-server
Version: 1.0
Reporter: Simo Sorce <ssorce>
Assignee: Simo Sorce <ssorce>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Hardware: All
OS: Linux
Fixed In Version: 1.1.0-3.fc8
Doc Type: Bug Fix
Last Closed: 2008-07-17 14:14:37 UTC
Bug Blocks: 453489
Attachments:
Fix for segfault (flags: none)
corrected patch (flags: none)
also avoid memory leaks (flags: none)

Description Simo Sorce 2008-06-27 18:40:06 UTC
Description of problem:
Password change code in dirsrv crashes, tearing down the server.

Difficult to reproduce.

Comment 1 Simo Sorce 2008-06-27 18:41:10 UTC
Stack trace courtesy of Jan-Frode Myklebust

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x582df4b0 (LWP 6328)]
pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
280     if ( *val != PWD_HASH_PREFIX_START ||
(gdb) bt
#0  pw_val2scheme (val=0x0, valpwdp=0x582dea3c, first_is_default=1)
    at ldap/servers/slapd/pw.c:280
#1  0x0ff250c0 in slapi_pw_find_sv (vals=0x108ba708, v=0x108ba7d8)
    at ldap/servers/slapd/pw.c:142
#2  0x0dd98594 in ?? () from /usr/lib/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0ff1edc4 in plugin_call_exop_plugins (pb=0x108b8538, oid=0x0)
    at ldap/servers/slapd/plugin.c:393
#4  0x100143fc in do_extended (pb=0x108b8538)
    at ldap/servers/slapd/extendop.c:300
#5  0x1000f348 in connection_threadmain ()
    at ldap/servers/slapd/connection.c:562
#6  0x0f91ffc8 in _pt_root (arg=<value optimized out>)
    at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x0fd46e3c in start_thread (arg=<value optimized out>)
    at pthread_create.c:299
#8  0x48106670 in clone () from /lib/libc.so.6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Comment 2 Simo Sorce 2008-06-27 18:42:35 UTC
Created attachment 310466 [details]
Fix for segfault

The first argument of slapi_pw_find_sv is an array, not a pointer to a pointer.
We must terminate the array or we can search through the memory until we reach
the end of a segment and segfault.
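
The array contract described in comment 2, as an added example (not the attached patch and not freeIPA or dirsrv code): `value_t`, `find_value` and the `max_slots` bound are hypothetical stand-ins that model a walker which stops only at a NULL entry. In this model the unterminated call returns normally when the first entry matches and overruns only on a miss.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a directory-server value; not the real Slapi_Value. */
typedef struct { const char *data; } value_t;

enum { NOT_FOUND = -1, NO_TERMINATOR = -2 };

/* Walk vals[] up to its NULL terminator and return the index of the entry equal
 * to needle. max_slots is a bound added for this demo so it never reads
 * outside the array; a walker without it just keeps going. */
int find_value(value_t **vals, size_t max_slots, const char *needle)
{
    for (size_t i = 0; i < max_slots; i++) {
        if (vals[i] == NULL)
            return NOT_FOUND;              /* clean end of the array */
        if (vals[i]->data != NULL && strcmp(vals[i]->data, needle) == 0)
            return (int)i;
    }
    return NO_TERMINATOR;                  /* would have run past the end */
}

static value_t stored = { "{SSHA}constructed-sample" };  /* constructed sample value */
static value_t stray  = { NULL };  /* models adjacent memory; NULL data like val=0x0 in the trace */

/* "Before": one pointer handed over as if it were an array. Slots 1 and 2
 * model whatever follows that pointer in memory. */
int lookup_unterminated(const char *needle)
{
    value_t *memory[3] = { &stored, &stray, &stray };
    return find_value(memory, 3, needle);
}

/* "After": a real two-slot array whose last slot is the NULL terminator. */
int lookup_terminated(const char *needle)
{
    value_t *vals[2] = { &stored, NULL };
    return find_value(vals, 2, needle);
}

int main(void)
{
    printf("unterminated, match:    %d\n", lookup_unterminated("{SSHA}constructed-sample"));
    printf("unterminated, no match: %d\n", lookup_unterminated("other"));
    printf("terminated, no match:   %d\n", lookup_terminated("other"));
    return 0;
}
```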

Comment 3 Simo Sorce 2008-06-27 18:54:28 UTC
Created attachment 310469 [details]
corrected patch

Comment 4 Simo Sorce 2008-06-27 20:01:09 UTC
Created attachment 310476 [details]
also avoid memory leaks

Comment 5 Fedora Update System 2008-06-29 17:57:58 UTC
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 6 Fedora Update System 2008-06-29 17:58:35 UTC
ipa-1.1.0-4.fc9 has been submitted as an update for Fedora 9

Comment 7 Fedora Update System 2008-07-01 05:28:49 UTC
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update ipa'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-5896

Comment 8 Matt Flusche 2008-07-03 03:12:51 UTC
I've upgraded to 1.1.0-4 for fedora 9 (x86_64) and am still having ns-slapd
crash during password changes.

# rpm -q ipa-server
ipa-server-1.1.0-4.fc9.x86_64

# uname -a
Linux ruff.flusche.co 2.6.25.9-76.fc9.x86_64 #1 SMP Fri Jun 27 15:58:30 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41992950 (LWP 9201)]
0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
(gdb) bt
#0  0x000000392fc808f0 in strcmp () from /lib64/libc.so.6
#1  0x00007f95ec9dc093 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#2  0x00007f95ec9dd778 in ?? () from /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
#3  0x0000000000188f05 in plugin_call_exop_plugins (pb=0x1533f30, oid=0x150fc50
"1.3.6.1.4.1.4203.1.11.1")
    at ldap/servers/slapd/plugin.c:393
#4  0x000000000041698f in do_extended (pb=0x1533f30) at
ldap/servers/slapd/extendop.c:300
#5  0x0000000000412086 in connection_threadmain () at
ldap/servers/slapd/connection.c:562
#6  0x0000003ee8e29aa3 in _pt_root (arg=<value optimized out>) at
../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:221
#7  0x000000393080729a in start_thread (arg=<value optimized out>) at
pthread_create.c:297
#8  0x000000392fce42cd in clone () from /lib64/libc.so.6



Comment 10 Fedora Update System 2008-07-15 19:52:41 UTC
ipa-1.1.0-3.fc8 has been submitted as an update for Fedora 8

Comment 11 Fedora Update System 2008-07-17 14:14:34 UTC
ipa-1.1.0-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2008-07-17 14:17:37 UTC
ipa-1.1.0-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.