Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 81438

Summary: nss_ldap segfaults on big groups
Product: [Retired] Red Hat Linux Reporter: Panu Matilainen <pmatilai>
Component: nss_ldapAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED NEXTRELEASE QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: nicku, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-07-31 14:40:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 79579, 100644    

Description Panu Matilainen 2003-01-09 15:04:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20021216

Description of problem:
nss_ldap segfaults in presence of big(gish) groups on the ldap server. I'm not
sure what's the actual breakup point is, but for nss_ldap-198 and 202 its 100%
reproducible here with a group of 4793 users. Older versions (tested on RH7.2)
segfault much earlier, for nss_ldap-189-4 the breakup point seems to be 10 users
in a group.

I can "fix" it (tested on nss_ldap 198) by causing a memory leak by commenting
out "ldap_value_free (vals);" on line 158 of ldap-grp.c, after doing that I can
no more make it crash. Also it doesn't appear to be a null pointer since
changing it to
if (vals != NULL)
      ldap_value_free (vals);
doesn't help either. Oh and that doesn't help on nss_ldap-189..

Would be nice to have it fixed not just for the next release but for older
versions too... 

Version-Release number of selected component (if applicable): 189, 198, 202 at
least (haven't tried earlier versions)

How reproducible:

Steps to Reproduce:
1. create a group of at least (?) 4793 users on ldap server
2. configure client to fetch user information from ldap
3. run 'id username'


Actual Results:  [pmatilai@es-adsl-soho-30-186 pmatilai]$ id pmatilai
Segmentation fault

Expected Results:  I should print out the list of groups..

Additional info:

Comment 1 Panu Matilainen 2003-01-09 15:07:33 UTC
Forgot to mention: this is using RFC2307bis schema. If compiled without support
for that nss_ldap doesn't crash but then it doesn't provide much info either :)

Comment 2 Panu Matilainen 2003-02-11 08:45:28 UTC
This might very well be fixed in nss_ldap-203:

Unfortunately I'm not able to actually test it currently as someone has pulled
the plug on the LDAP-server :(

Comment 3 Panu Matilainen 2003-02-11 11:40:36 UTC
Confirmed now: after updating the current rawhide nss_ldap package to 203 it no
long segfaults.

Comment 4 Panu Matilainen 2003-07-31 14:40:42 UTC
Severn has nss_ldap-207 and as mentioned earlier this was fixed in 203 already -