Ubuntu
openldap2.3 package

[SRU] Assertion error in schema_init.c:366: octetStringIndexer

  1. Intrepid (8.10)
  2. Bug #220724
Bug #220724 reported by Michael Jeanson
8
Affects Status Importance Assigned to Milestone
openldap2.3 (Debian)
Fix Released
Unknown
openldap2.3 (Ubuntu)
Fix Released
Undecided
Chuck Short
Hardy
Fix Released
Undecided
Chuck Short
Intrepid
Fix Released
Undecided
Chuck Short

Bug Description

Using slapd 2.4.7-6ubuntu3 on hardy i386, I get random crashes in modify operations.

Log :
oc_check_allowed type "modifyTimestamp"
slapd: /build/buildd/openldap2.3-2.4.7/servers/slapd/schema_init.c:366: octetStringIndexer: Assertion `i > 0' failed.
Abandon

There is a debian bug filed for this issue :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474161

The solution is present but it's not clear if it was packaged or not in unstable.

The fix is 2 one liners has described here :
<http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modify.c.diff?r1=1.301&r2=1.302&hideattic=1&sortbydate=0&f=h>
<http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.173&r2=1.174&hideattic=1&sortbydate=0&f=h>

This bug makes slapd unusable in hardy at least for me. I'll package the fix for testing on my servers and report any side-effects.

CVE References

Revision history for this message
Michael Jeanson (mjeanson) wrote :

Here is a patch containing the fix, it's working fine on my servers.

Revision history for this message
Chuck Short (zulcss) wrote :

Is it possible to provide a way to reproduce this error?

Thanks
chuck

Changed in openldap2.3:
status: New → Incomplete
Revision history for this message
Anderson (amg1127) wrote :

I can't provide a way to reproduce, but I can reproduce this error in my server.

I have a GOsa 2.5.15 installation using OpenLDAP 2.4.7 and it crashes when I try to add a mail server.

I hope my backtrace can track the problem.

Revision history for this message
Anderson (amg1127) wrote :

The patch fixed things here also...

Revision history for this message
Michael Jeanson (mjeanson) wrote :

Here is how I reproduced the bug:

# Download and extract bug220724.tar.gz, then install the packages.
apt-get install slapd ldap-utils

# Copy the configuration
cp -r bug220724/ldap/schema /etc/ldap/
cp bug220724/ldap/slapd.conf /etc/ldap/

# Stop the service
/etc/init.d/slapd stop

# Generate the database
rm -rf /var/lib/ldap/*
slapadd -l bug220724/base.ldif
chown -R openldap:openldap /var/lib/ldap

# Run the deamon in foreground
/usr/sbin/slapd -g openldap -u openldap -f /etc/ldap/slapd.conf -d 256

# Then in another shell apply opera.ldif and you will get a crash 9 times out of 10
ldapmodify -x -D "cn=manager,dc=g189,dc=uniredemg,dc=com,dc=br" -w secret -f bug220724/opera.ldif

# Delete the entries and apply opera.ldif again to reproduce
ldapdelete -x -D "cn=manager,dc=g189,dc=uniredemg,dc=com,dc=br" -w secret uid=user1,ou=People,dc=g189,dc=uniredemg,dc=com,dc=br uid=user2,ou=People,dc=g189,dc=uniredemg,dc=com,dc=br
ldapmodify -x -D "cn=manager,dc=g189,dc=uniredemg,dc=com,dc=br" -w secret -f bug220724/opera.ldif

Merci,
Michael

Chuck Short (zulcss)
Changed in openldap2.3:
status: Incomplete → Confirmed
Revision history for this message
Chuck Short (zulcss) wrote :

Statement of Impact:

Slapd crashes when doing a time stamp modification. I was able to reproduce this readily in hardy.

how this bug has been addressed:

I have attached the patch that fixes this issue for hardy. It is basically a 2 line patch that has been already commited upstream. It is supposedly fixed in debian and it will be fixed for intrepid when it is open.

How to reproduce this bug:

See previous comment.

Regressions: I dont think there are any regressions with this patch applied.

Revision history for this message
Martin Pitt (pitti) wrote :

Chuck, thanks for reproducing and the patch. Please provide a detailled changelog entry which accompanies the patch and upload to hardy-proposed when you are ready.

BTW, the "regression" part of the SRU policy is to estimate the worst possilble regression, not the actual set of regressions this patch introduced (if these were known, we wouldn't apply it in the first place :-) ).

Thanks, Pitti

Changed in openldap2.3:
assignee: nobody → zulcss
status: New → Confirmed
assignee: nobody → zulcss
Revision history for this message
Chuck Short (zulcss) wrote :

These are the cvs commits in the openldap cvs tree:

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.173&r2=1.174&cvsroot=OpenLDAP-src&hideattic=1&sortbydate=0

and

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modify.c.diff?r1=1.276.2.8&r2=1.276.2.9&cvsroot=OpenLDAP-src&hideattic=1&sortbydate=0

And for completeness this is the bug report from the openldap:

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5450;selectid=5450

I have already uploaded to hardy-proposed.

Thanks
chuck

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into hardy-proposed, please test.

Changed in openldap2.3:
status: Confirmed → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in openldap2.3:
status: Unknown → Confirmed
Revision history for this message
Brian Murray (brian-murray) wrote :

I was able to recreate the bug using the steps and attachment from comment #5 using slapd package version 2.4.7-6ubuntu3 and ldap-utils 2.4.7-6ubuntu3. I then installed package version 2.4.7-6ubuntu4.1 from -proposed and was unable to recreate the bug. Additionally, I ran test-openldap.py from qa-regression-testing and ran into no issues with the -proposed package.

Revision history for this message
Anderson (amg1127) wrote :

My server does not crash now. :-)

Revision history for this message
Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in openldap2.3:
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in openldap2.3:
status: Confirmed → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in openldap2.3:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package openldap2.3 - 2.4.9-1ubuntu1

---------------
openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmour-profiles gets
      installed it won't overwrite our profile.
    - Modify Maintainer value to match the DebianMaintainerField
      speficication.
    - follow ApparmorProfileMigration and force apparmor compalin mode on
      some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty
      upgrades, upgrades where apparmor-profiles profile is unchanged (ie
      non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/rules, debian/slapd.links: use hard links to slapd instead of
      symlinks for slap* so these applications aren't confined by apparmor
      (LP: #203898)
    - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
      (LP: #215904)
    - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
      error. (LP: #234196)
    - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
      (LP: #220724)
    - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
      upstream.
   * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
     the ucred struct now.

openldap2.3 (2.4.9-1) unstable; urgency=low

  [ Updated debconf translations ]
  * French, thanks to Christian Perrier <email address hidden>.
    Closes: #471792.
  * Finnish, thanks to Esko Arajärvi <email address hidden>. Closes: #475238.
  * Czech, thanks to Miroslav Kure <email address hidden>.
    Closes: #480138.
  * Basque, thanks to Piarres Beobide <email address hidden>.
    Closes: #480177.
  * Vietnamese, thanks to Clytie Siddall <email address hidden>.
    Closes: #480181.
  * Galician, thanks to Jacobo Tarrio <email address hidden>. Closes: #480218.
  * Japanese, thanks to Kenshi Muto <email address hidden>. Closes: #480247.
  * Italian, thanks to Luca Monducci <email address hidden>. (Closes: #477718)
  * Brazilian Portuguese, thanks to Eder L. Marques <email address hidden>
    (Closes: #480172)
  * Portuguese, thanks to Tiago Fernandes <email address hidden>
    (Closes: #481126)
  * Russian, thanks to Yuri Kozlov <email address hidden> (Closes: #481214)
  * Dutch, thanks to "cobaco (aka Bart Cornelis)" <email address hidden>.
    Closes: #483014.

  [ Matthijs Mohlmann ]
  * New upstream release.
    - Bad entryUUID no longer crashes slapd. (Closes: #471867)
    - Fix assertion failure in some modify operations. (Closes: #474161)
    - Mention index in slapd.conf's man page. (Closes: #414650)
    - Fixes to slapd include handl...

Read more...

Changed in openldap2.3:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.