Activity log for bug #1593378

Date Who What changed Old value New value Message
2016-06-16 18:41:54 Eric Desrochers bug added bug
2016-06-16 19:21:16 Eric Desrochers openldap (Ubuntu): importance Undecided Medium
2016-06-17 03:22:18 Eric Desrochers openldap (Ubuntu): assignee Eric Desrochers (slashd)
2016-06-17 13:10:45 Robie Basak nominated for series Ubuntu Trusty
2016-06-17 13:10:45 Robie Basak bug task added openldap (Ubuntu Trusty)
2016-06-17 13:13:02 Eric Desrochers openldap (Ubuntu Trusty): assignee Eric Desrochers (slashd)
2016-06-17 13:13:15 Eric Desrochers tags: "" -> "sts"
2016-06-17 13:16:13 Eric Desrochers openldap (Ubuntu Trusty): importance Undecided Medium
2016-06-17 13:29:26 Eric Desrochers openldap (Ubuntu): status New Fix Released
2016-06-20 10:28:08 Amad Ali bug added subscriber Amad Ali
2016-06-20 15:05:55 Eric Desrochers description

  Old value:

  Core was generated by `/usr/sbin/slapd -h ldap://<IP>:389 ldap://<IP>:389/ ldapi:/// -g o'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
  210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
  (gdb) bt
  #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
  #1 0x00007f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268
  #2 0x00007f674ae4d235 in get_filter (op=op@entry=0x7f672c000a80, ber=<optimized out>, filt=filt@entry=0x7f672c000af0, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/filter.c:190
  #3 0x00007f674ae4b985 in do_search (op=0x7f672c000a80, rs=0x7f6741e0f960) at ../../../../servers/slapd/search.c:127
  #4 0x00007f674ae496dc in connection_operation (ctx=ctx@entry=0x7f6741e0fb90, arg_v=arg_v@entry=0x7f672c000a80) at ../../../../servers/slapd/connection.c:1150
  #5 0x00007f674ae49a40 in connection_read_thread (ctx=0x7f6741e0fb90, argv=0x19) at ../../../../servers/slapd/connection.c:1286
  #6 0x00007f674a9a7aba in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7 0x00007f67498dc182 in start_thread (arg=0x7f6741e10700) at pthread_create.c:312
  #8 0x00007f674960947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

  New value:

  [Impact]

  The effect of the bug on users is that the program (slapd) terminated with signal SIGSEGV, Segmentation fault, when ldapsearch tries to query using multiple language tags.

  GDB output:

  ...
  Core was generated by `/usr/sbin/slapd -h ldap://<IP>:389 ldap://<IP>:389/ ldapi:/// -g o'.
  Program terminated with signal SIGSEGV, Segmentation fault.
  ...
  (gdb) bt
  #0 __strncasecmp_l_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
  #1 0x00007f674ae8cab2 in slap_bv2ad (bv=bv@entry=0x7f6741e0e830, ad=ad@entry=0x7f6741e0e848, text=text@entry=0x7f6741e0f980) at ../../../../servers/slapd/ad.c:268
  ...

  In frame #1 the 'tags' struct is corrupt. Line #272 checks for duplication and jumps to the done label (line #294) when a duplicate is found. The code increases 'ntags' without filling in the tags struct with values. In later iterations this could lead to copying and using uninitialised memory.

  [Test Case]

  One way to reproduce the issue:

  $ ldapsearch -D "cn=<BINDDN_COMMON_NAME>,dc=<BINDDN_DOMAIN_COMPONENT>,dc=<BINDDN_DOMAIN_COMPONENT>,dc=<BINDDN_DOMAIN_COMPONENT>" -x -W -b "dc=<SEARCHPATH_DOMAIN_COMPONENT>,dc=<SEARCHPATH_DOMAIN_COMPONENT>,dc=<SEARCHPATH_DOMAIN_COMPONENT>" "cn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de;lang-encn;lang-de"

  Explanation (reference: http://manpages.ubuntu.com/cgi-bin/search.py?q=ldapsearch):

  -D binddn
      Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value.
  -x
      Use simple authentication instead of SASL.
  -W
      Prompt for simple authentication. This is used instead of specifying the password on the command line.
  -b searchbase
      Use searchbase as the starting point for the search instead of the default.

  [Regression Potential]

  The patch is already in place in Debian, Wily and later Ubuntu releases.

  [Other Info]

  Upstream OpenLDAP Bug: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7941;page=9
  Upstream OpenLDAP Commit: af8f1e0 ITS#7941 fix for repeated tags
  Upstream OpenLDAP Commit Web: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0
  (The commit has been introduced first in upstream branch: OPENLDAP_REL_ENG_2_4_40~6)

  [Original Description]

  (identical to the Old value above)

2016-06-20 15:06:53 Eric Desrochers description

  Old value: identical to the New value of the 2016-06-20 15:05:55 entry.

  New value: the same text, with the heading [SRU JUSTIFICATION] added above [Impact].
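The [Impact] text above describes the defect as a bookkeeping error: on a duplicate tag the code jumps to the done label and increments ntags without writing the slot, so a later iteration compares against memory that was never initialised. The following C is an added example written for this page, not OpenLDAP's ad.c and not the upstream fix. It is a simplified model of the same sorted-insert loop: the names (struct tag, parse_tags, fix_its7941, PARSE_CRASH) are invented, the attribute descriptions fed to it are constructed, and the array is pre-filled with {NULL, 0} so that the model reports a read of an unwritten slot instead of faulting in strncasecmp the way the backtrace shows slapd doing.

```c
/*
 * Added example, not OpenLDAP code: a simplified model of collecting the
 * tagging options of an attribute description ("cn;lang-de;lang-en") into a
 * sorted array, with the ITS#7941 duplicate-tag defect switchable on or off.
 * Names are invented for the example. slapd keeps struct berval entries in
 * a stack array that is never zeroed; here every slot starts as {NULL, 0} so
 * a read of an unwritten slot is reported as PARSE_CRASH instead of faulting.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_TAGS 8

struct tag {
    const char *val;   /* points into the input; not NUL-terminated */
    size_t      len;
};

enum { PARSE_CRASH = -1, PARSE_BAD_OPT = -2 };

/*
 * Parse the options after the first ';'. With fix_its7941 == 0 a duplicate
 * still reaches the ntags++ at 'done' without storing anything (the defect);
 * with fix_its7941 == 1 the duplicate is skipped and ntags is left alone.
 * Returns the number of stored tags or a negative code.
 */
static int parse_tags(const char *desc, struct tag tags[MAX_TAGS + 1],
                      int fix_its7941)
{
    int ntags = 0;
    const char *opt = strchr(desc, ';');

    for (int i = 0; i <= MAX_TAGS; i++)       /* sentinel-fill every slot */
        tags[i].val = NULL, tags[i].len = 0;

    for (opt = opt ? opt + 1 : NULL; opt; ) {
        const char *next = strchr(opt, ';');
        size_t optlen = next ? (size_t)(next - opt) : strlen(opt);
        int i;

        if (optlen == 0 || ntags >= MAX_TAGS)
            return PARSE_BAD_OPT;

        /* Tags are kept sorted, so walk the array in reverse. */
        for (i = ntags - 1; i >= 0; i--) {
            size_t n;
            int rc;

            if (tags[i].val == NULL)           /* slapd would read garbage here */
                return PARSE_CRASH;
            n  = optlen < tags[i].len ? optlen : tags[i].len;
            rc = strncasecmp(opt, tags[i].val, n);
            if (rc == 0 && optlen == tags[i].len) {
                if (fix_its7941)
                    goto skip;                 /* duplicate: ignore, ntags unchanged */
                goto done;                     /* defect: ntags++ with an empty slot */
            }
            if (rc > 0 || (rc == 0 && optlen > tags[i].len)) {
                memmove(&tags[i + 2], &tags[i + 1],
                        (size_t)(ntags - i - 1) * sizeof *tags);
                tags[i + 1].val = opt;
                tags[i + 1].len = optlen;
                goto done;
            }
        }
        memmove(&tags[1], &tags[0], (size_t)ntags * sizeof *tags);
        tags[0].val = opt;
        tags[0].len = optlen;
done:
        ntags++;
skip:
        opt = next ? next + 1 : NULL;
    }
    return ntags;
}

/* Number of stored tags, or a negative parse_tags() code. */
static int tag_count(const char *desc, int fix_its7941)
{
    struct tag tags[MAX_TAGS + 1];
    return parse_tags(desc, tags, fix_its7941);
}

/* Slots counted by ntags that parse_tags() never wrote (0 when correct). */
static int unfilled_count(const char *desc, int fix_its7941)
{
    struct tag tags[MAX_TAGS + 1];
    int n = parse_tags(desc, tags, fix_its7941), unfilled = 0;
    for (int i = 0; i < n; i++)
        unfilled += tags[i].val == NULL;
    return n < 0 ? n : unfilled;
}

/* 1 if stored tag idx equals expect (case-insensitively), else 0. */
static int tag_at_equals(const char *desc, int fix_its7941, int idx,
                         const char *expect)
{
    struct tag tags[MAX_TAGS + 1];
    int n = parse_tags(desc, tags, fix_its7941);
    if (n < 0 || idx >= n || tags[idx].val == NULL)
        return 0;
    return tags[idx].len == strlen(expect) &&
           strncasecmp(tags[idx].val, expect, tags[idx].len) == 0;
}

int main(void)
{
    /* Constructed input with the shape of the page's test case: a repeated
     * tag followed by one more option, which is what trips the defect. */
    const char *desc = "cn;lang-de;lang-encn;lang-de;lang-encn";
    printf("defect: %d  fixed: %d\n", tag_count(desc, 0), tag_count(desc, 1));
    return 0;
}
```

With the defect enabled, the third option is a duplicate, ntags becomes 3 while only two slots were written, and the fourth option's comparison lands on the unwritten slot; the model returns PARSE_CRASH where slapd dereferenced whatever was on the stack. With the fix enabled the duplicate is dropped and the array stays sorted and fully populated. The model's fix is one jump that bypasses the counter increment; whatever the exact form of upstream commit af8f1e0, the property it has to restore is the same: ntags never exceeds the number of slots actually written.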
2016-06-20 18:52:06 Eric Desrochers attachment added lp1593378_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1593378/+attachment/4687422/+files/lp1593378_trusty.debdiff
2016-06-20 18:52:41 Eric Desrochers bug added subscriber SRU Verification
2016-06-20 18:55:21 Eric Desrochers openldap (Ubuntu Trusty): status New In Progress
2016-06-20 18:59:50 Eric Desrochers tags: "sts" -> "sts ubuntu-sponsors"
2016-06-20 19:01:53 Eric Desrochers tags: "sts ubuntu-sponsors" -> "patch sts sts-sponsor sts-sru ubuntu-sponsors"
2016-06-20 19:02:32 Eric Desrochers bug added subscriber Ubuntu Sponsors Team
2016-06-21 13:59:35 Eric Desrochers description

  Old value: identical to the New value of the 2016-06-20 15:06:53 entry.

  New value: the same text, with this sentence appended to [Regression Potential]:

  A hotfix has been tested by the user that originally reported the issue. The hotfix solves the issue.
2016-06-24 15:33:42 Martin Pitt openldap (Ubuntu Trusty): status In Progress Fix Committed
2016-06-24 15:33:44 Martin Pitt bug added subscriber Ubuntu Stable Release Updates Team
2016-06-24 15:33:52 Martin Pitt tags: "patch sts sts-sponsor sts-sru ubuntu-sponsors" -> "patch sts sts-sponsor sts-sru ubuntu-sponsors verification-needed"
2016-06-24 20:22:12 Eric Desrochers tags: "patch sts sts-sponsor sts-sru ubuntu-sponsors verification-needed" -> "patch sts sts-sru ubuntu-sponsors verification-needed"
2016-06-27 13:03:56 Robie Basak removed subscriber Ubuntu Sponsors Team
2016-06-30 19:31:35 Eric Desrochers tags: "patch sts sts-sru ubuntu-sponsors verification-needed" -> "patch sts sts-sru ubuntu-sponsors verification-done"
2016-07-06 06:17:32 Launchpad Janitor openldap (Ubuntu Trusty): status Fix Committed Fix Released
2016-07-06 06:17:37 Martin Pitt removed subscriber Ubuntu Stable Release Updates Team
2016-11-09 12:22:35 Louis Bouchard tags: "patch sts sts-sru ubuntu-sponsors verification-done" -> "patch sts ubuntu-sponsors verification-done"
2017-05-22 23:50:37 amer lbunni bug added subscriber amer lbunni