Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 233382 - nss_ldap crashes on large groups (IA64)
Summary: nss_ldap crashes on large groups (IA64)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nss_ldap
Version: 4.4
Hardware: ia64
OS: Linux
high
high
Target Milestone: ---
: ---
Assignee: Nalin Dahyabhai
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-21 22:42 UTC by Franco M. Bladilo
Modified: 2018-10-19 23:04 UTC (History)
2 users (show)

Fixed In Version: RHSA-2008-0715
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-24 19:55:35 UTC


Attachments (Terms of Use)
nss_ldap-226-ber_free_buf.patch (deleted)
2007-08-30 11:34 UTC, Jose Plans
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0715 normal SHIPPED_LIVE Low: nss_ldap security and bug fix update 2008-07-24 16:57:16 UTC

Description Franco M. Bladilo 2007-03-21 22:42:13 UTC
Description of problem:
Any application that performs a ldap lookup crashes/segfaults when a highly
populated group is accessed via nss_ldap on ia64 systems.
We assign every user in our clusters to a supplementary group called "users",
apparently this group has grown to a size that nss_ldap doesn't like anymore,
this is what we see now : 

[root@master3 users]# id bladilo
Segmentation fault
[root@master3 users]# 

These are the relevant syscall trace lines for the same command:

geteuid()                               = 0
gettimeofday({1174516009, 951700}, NULL) = 0
write(3, "0\201\247\2\1\16c\201\241\4(ou=rtc,ou=cluster,dc="..., 170) = 170
select(1024, [3], [], NULL, NULL)       = 1 (in [3])
read(3, "0\202\5\r\2\1\16d", 8)         = 8
read(3, "\202\5\6\4:cn=users,ou=Group,ou=rtc,ou"..., 1289) = 1289
select(1024, [3], [], NULL, NULL)       = 1 (in [3])
read(3, "0\f\2\1\16e\7\n", 8)           = 8
read(3, "\1\0\4\0\4\0", 6)              = 6
gettimeofday({1174516009, 953860}, NULL) = 0
gettimeofday({1174516009, 953998}, NULL) = 0
--- SIGSEGV (Segmentation fault) @ 2000000000139781 (c000000000021b60) ---
+++ killed by SIGSEGV +++
Process 25484 detached

Other commands also provide strange results/output : 
[root@master3 users]# ls -la
ls: ../../../libraries/liblber/io.c:171: ber_free_buf: Assertion
`((ber)->ber_opts.lbo_valid==0x2)' failed.
Aborted

We downloaded and installed nss_ldap-255-1/pam_ldap-184 from padl's website in
one of our test boxes and this problem went away.
 
Version-Release number of selected component (if applicable):

nss_ldap-226-17
glibc-2.3.4-2.25
glibc-2.3.4-2.25
kernel-2.6.9-42.EL

How reproducible:

Always

Steps to Reproduce:
1. Populate a ldap supplementary group with more than 150 entries
2. Bind to ldap with an ia64 RHEL4 (u4) client
3. Try running any command (id,ls,etc) that performs a supplementary group lookup. 
  
Actual results:

command crashes/segfaults

Expected results:


Additional info:

Comment 1 Jose Plans 2007-08-30 11:34:22 UTC
Created attachment 180761 [details]
nss_ldap-226-ber_free_buf.patch

Comment 4 Issue Tracker 2007-10-10 18:36:13 UTC
I downloaded the nss_ldap-226-18.it133168.x86_64.rpm package from
http://people.redhat.com/ichihi/.allianz/it133168/ and find that it fixes
the ber_free_buf error in the IBM test environment.


This event sent from IssueTracker by jwest 
 issue 130212

Comment 9 RHEL Product and Program Management 2007-11-29 04:21:22 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 14 errata-xmlrpc 2008-07-24 19:55:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0715.html


Note You need to log in before you can comment on or make changes to this bug.