Ubuntu
openldap2.3 package

[SRU] dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.

Bug #234196 reported by Anderson
8
Affects Status Importance Assigned to Milestone
openldap2.3 (Ubuntu)
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned

Bug Description

In slapo-unique(5) manpage, I read I was using deprecated directives in my LDAP configuration files:

overlay unique
>>>>> unique_attributes gidNumber uid uidNumber sambaSID
>>>>> unique_base ou=people,dc=cefetrs,dc=tche,dc=br

So, I changed to this:

overlay unique
>>>>> unique_uri ldap:///ou=people,dc=cefetrs,dc=tche,dc=br?uid,uidnumber,sambasid,mail?sub

And now, I get a failed assertion:
$ ./create-master-base.sh
slapadd: /build/buildd/openldap2.3-2.4.7/servers/slapd/dn.c:724: dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.
./create-master-base.sh: line 2: 28237 Cancelado slapadd -f slapd.conf -l data.ldif -b 'dc=cefetrs,dc=tche,dc=br'

This line shows the assertion fail in "slapadd" command, but it occurs in "slapd", if I use my main base.

Steps to reproduce (almost same steps in #227178):

# Download my attachment and extract the BZIP archive on an existing folder '/home/amg1127'.
# "cd" to '/home/amg1127/ldap
# Create the database from the included LDIF by running './create-master-base.sh'
# Got a SIGABRT
slapadd: /build/buildd/openldap2.3-2.4.7/servers/slapd/dn.c:724: dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.

# Remove /home/amg1127/ldap folder and entire content within
# Extract the BZIP archive on that folder again
# Edit the file /home/amg1127/ldap/maindb-commonparams.conf, comment line 45 and uncomment lines 42 and 43.
# Create the database from the included LDIF by running './create-master-base.sh'
# Edit the file /home/amg1127/ldap/maindb-commonparams.conf, uncomment line 45 and comment lines 42 and 43 (that is, undo the previous edition).
# Run the server: './run-master-slapd.sh'
# Got another SIGABRT
slapd: /build/buildd/openldap2.3-2.4.7/servers/slapd/dn.c:724: dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.

CVE References

Revision history for this message
Anderson (amg1127) wrote :
Revision history for this message
Anderson (amg1127) wrote :

Forgot an important information:

Using slapd 2.4.7-6ubuntu4.1 from Ubuntu Hardy in a x86 system.

Revision history for this message
Howard Chu (hyc) wrote :

Thanks for the report, a patch for this (ITS#5526) is now in OpenLDAP's CVS HEAD for testing.

Revision history for this message
Chuck Short (zulcss) wrote :

Hi,

Can you try the version of openldap in my archive, it may contain the fix for this bug:

http://launchpad.net/~zulcss/+archive

Thanks
chuck

Changed in openldap2.3:
status: New → Incomplete
Revision history for this message
Anderson (amg1127) wrote :
Download full text (4.2 KiB)

I installed your packages in another server and tested.

Now I get a very ulgy termination...

*** glibc detected *** /usr/sbin/slapd: double free or corruption (fasttop): 0x08218ca8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7b76a85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7b7a4f0]
/usr/lib/liblber-2.4.so.2(ber_memfree_x+0x4a)[0xb7ea6b9a]
/usr/lib/libldap_r-2.4.so.2(ldap_free_urldesc+0x63)[0xb7ed0653]
/usr/lib/ldap/unique-2.4.so.2[0xb7764863]
/usr/lib/ldap/unique-2.4.so.2[0xb7764acc]
/usr/sbin/slapd(config_set_vals+0xdc)[0x806bc7c]
/usr/sbin/slapd[0x80da518]
/usr/sbin/slapd(read_config_file+0x7dc)[0x806f1bc]
/usr/sbin/slapd[0x806159c]
/usr/sbin/slapd(config_set_vals+0xdc)[0x806bc7c]
/usr/sbin/slapd(read_config_file+0x510)[0x806eef0]
/usr/sbin/slapd[0x806159c]
/usr/sbin/slapd(config_set_vals+0xdc)[0x806bc7c]
/usr/sbin/slapd(read_config_file+0x510)[0x806eef0]
/usr/sbin/slapd(read_config+0x350)[0x806ac90]
/usr/sbin/slapd(main+0xa80)[0x805d4a0]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7b21450]
/usr/sbin/slapd[0x805c581]
======= Memory map: ========
08048000-08153000 r-xp 00000000 08:15 98756 /usr/sbin/slapd
08153000-08157000 rw-p 0010b000 08:15 98756 /usr/sbin/slapd
08157000-0821f000 rw-p 08157000 00:00 0 [heap]
b7600000-b7621000 rw-p b7600000 00:00 0
b7621000-b7700000 ---p b7621000 00:00 0
b7742000-b774c000 r-xp 00000000 08:15 12629 /lib/libgcc_s.so.1
b774c000-b774d000 rw-p 0000a000 08:15 12629 /lib/libgcc_s.so.1
b7759000-b7762000 r-xp 00000000 08:15 98654 /usr/lib/ldap/accesslog-2.4.so.2.0.3
b7762000-b7763000 rw-p 00008000 08:15 98654 /usr/lib/ldap/accesslog-2.4.so.2.0.3
b7763000-b7768000 r-xp 00000000 08:15 98655 /usr/lib/ldap/unique-2.4.so.2.0.3
b7768000-b7769000 rw-p 00004000 08:15 98655 /usr/lib/ldap/unique-2.4.so.2.0.3
b7769000-b7773000 r-xp 00000000 08:15 98676 /usr/lib/ldap/syncprov-2.4.so.2.0.3
b7773000-b7774000 rw-p 00009000 08:15 98676 /usr/lib/ldap/syncprov-2.4.so.2.0.3
b7774000-b779e000 r-xp 00000000 08:15 98688 /usr/lib/ldap/back_hdb-2.4.so.2.0.3
b779e000-b779f000 rw-p 00029000 08:15 98688 /usr/lib/ldap/back_hdb-2.4.so.2.0.3
b779f000-b77ab000 rw-p b779f000 00:00 0
b77ab000-b77d3000 r-xp 00000000 08:15 98689 /usr/lib/ldap/back_bdb-2.4.so.2.0.3
b77d3000-b77d4000 rw-p 00028000 08:15 98689 /usr/lib/ldap/back_bdb-2.4.so.2.0.3
b77d4000-b77e0000 rw-p b77d4000 00:00 0
b77e0000-b77e3000 r-xp 00000000 08:15 17800 /usr/lib/sasl2/libanonymous.so.2.0.22
b77e3000-b77e4000 rw-p 00002000 08:15 17800 /usr/lib/sasl2/libanonymous.so.2.0.22
b77e4000-b77e8000 r-xp 00000000 08:15 17821 /usr/lib/sasl2/libcrammd5.so.2.0.22
b77e8000-b77e9000 rw-p 00003000 08:15 17821 /usr/lib/sasl2/libcrammd5.so.2.0.22
b77e9000-b7913000 r-xp 00000000 08:15 3712 /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7913000-b7928000 rw-p 00129000 08:15 3712 /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7928000-b792c000 rw-p b7928000 00:00 0
b792c000-b7936000 r-xp 00000000 08:15 17826 /usr/lib/sasl2/libdigestmd5.so.2.0.22
b7936000-b7937000 rw-p 0000a000 08:15 17826 /usr/lib/sasl2/libdigestmd5.so.2.0.22
b7937000-b7a5c000 r-xp 00000000 08:...

Read more...

Revision history for this message
Howard Chu (hyc) wrote :

Thanks for catching that. Should also be fixed in OpenLDAP CVS now.

Revision history for this message
Chuck Short (zulcss) wrote :

Hi,

Can you try the updated package in my ppa?

Thanks
chuck

Revision history for this message
Anderson (amg1127) wrote :

I couldn't see the assertion fail and unique attributes is enforced as I solicited.

I think the bug got fixed now. :-)

-------------------------

I have a comment: I saw the Changelog and found a fix for bug #21904. It shoudn't be #215904?

Revision history for this message
Chuck Short (zulcss) wrote :

These arent the offical fixes for your bug in my ppa. These will be uploaded shorty.

Thanks
chuck

Revision history for this message
Chuck Short (zulcss) wrote :

Recently a new bug was found because of this issue and fixed in openldap cvs HEAD. I had filed a bug about it in the openldap bug tracker and it was recently fixed. I had backported the fix to 2.4.7. I have attached the patch which fixes this issue.

TEST CASE:

1. Run the following tests mentioned in the above bug report.
2. Verifty that it has been fixed.

If you have any questions please let me know.

Thanks
chuck

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here

Changed in openldap2.3:
status: New → Fix Committed
Revision history for this message
Anderson (amg1127) wrote :

My feedback:

slapd-2.4.7-6ubuntu4.2 runs well on the production environment since Tue, 27 May 2008 22:36:03 -0300 (almost 12 hours ago). No assertion fails or crashes.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package openldap2.3 - 2.4.9-1ubuntu1

---------------
openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmour-profiles gets
      installed it won't overwrite our profile.
    - Modify Maintainer value to match the DebianMaintainerField
      speficication.
    - follow ApparmorProfileMigration and force apparmor compalin mode on
      some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty
      upgrades, upgrades where apparmor-profiles profile is unchanged (ie
      non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/rules, debian/slapd.links: use hard links to slapd instead of
      symlinks for slap* so these applications aren't confined by apparmor
      (LP: #203898)
    - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
      (LP: #215904)
    - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
      error. (LP: #234196)
    - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
      (LP: #220724)
    - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
      upstream.
   * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
     the ucred struct now.

openldap2.3 (2.4.9-1) unstable; urgency=low

  [ Updated debconf translations ]
  * French, thanks to Christian Perrier <email address hidden>.
    Closes: #471792.
  * Finnish, thanks to Esko Arajärvi <email address hidden>. Closes: #475238.
  * Czech, thanks to Miroslav Kure <email address hidden>.
    Closes: #480138.
  * Basque, thanks to Piarres Beobide <email address hidden>.
    Closes: #480177.
  * Vietnamese, thanks to Clytie Siddall <email address hidden>.
    Closes: #480181.
  * Galician, thanks to Jacobo Tarrio <email address hidden>. Closes: #480218.
  * Japanese, thanks to Kenshi Muto <email address hidden>. Closes: #480247.
  * Italian, thanks to Luca Monducci <email address hidden>. (Closes: #477718)
  * Brazilian Portuguese, thanks to Eder L. Marques <email address hidden>
    (Closes: #480172)
  * Portuguese, thanks to Tiago Fernandes <email address hidden>
    (Closes: #481126)
  * Russian, thanks to Yuri Kozlov <email address hidden> (Closes: #481214)
  * Dutch, thanks to "cobaco (aka Bart Cornelis)" <email address hidden>.
    Closes: #483014.

  [ Matthijs Mohlmann ]
  * New upstream release.
    - Bad entryUUID no longer crashes slapd. (Closes: #471867)
    - Fix assertion failure in some modify operations. (Closes: #474161)
    - Mention index in slapd.conf's man page. (Closes: #414650)
    - Fixes to slapd include handl...

Read more...

Changed in openldap2.3:
status: Incomplete → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in openldap2.3:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Patches

Remote bug watches

Bug watches keep track of this bug in other bug trackers.