#48801 Defect: ASAN issues 2016-04-22
Closed: wontfix None Opened 8 years ago by firstyear.

During stress test I noticed a number of issues. This is an umbrella to catch them as I fix them.


Issue 1)

{{{
=================================================================
==9403== ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f65085fed00 at pc 0x7f651eee302f bp 0x7f65085fec10 sp 0x7f65085fec00
WRITE of size 8 at 0x7f65085fed00 thread T11
    #0 0x7f651eee302e (/opt/dirsrv/lib/dirsrv/libslapd.so.0.0.0+0x17202e)
    #1 0x7f65131381b2 (/opt/dirsrv/lib/dirsrv/plugins/libpassthru-plugin.so+0x61b2)
    #2 0x7f651eefbc51 (/opt/dirsrv/lib/dirsrv/libslapd.so.0.0.0+0x18ac51)
    #3 0x7f651eefb93f (/opt/dirsrv/lib/dirsrv/libslapd.so.0.0.0+0x18a93f)
    #4 0x7f651eef4d27 (/opt/dirsrv/lib/dirsrv/libslapd.so.0.0.0+0x183d27)
    #5 0x414bda (/opt/dirsrv/sbin/ns-slapd+0x414bda)
    #6 0x41efa5 (/opt/dirsrv/sbin/ns-slapd+0x41efa5)
    #7 0x42453f (/opt/dirsrv/sbin/ns-slapd+0x42453f)
    #8 0x7f651c5647ba (/usr/lib64/libnspr4.so+0x287ba)
    #9 0x7f651f304a97 (/usr/lib64/libasan.so.0.0.0+0x19a97)
    #10 0x7f651c327dc4 (/usr/lib64/libpthread-2.17.so+0x7dc4)
    #11 0x7f651c05528c (/usr/lib64/libc-2.17.so+0xf628c)
}}}

When symbolised correctly, this points to an issue in pblock.c:

{{{
/* bind arguments */
case SLAPI_BIND_METHOD:
    if(pblock->pb_op!=NULL) {
        (*(ber_tag_t *)value) = pblock->pb_op->o_params.p.p_bind.bind_method;
    }
    break;
}}}

Which is triggered by ldap/servers/plugins/passthru/ptpreop.c:

{{{
if ( slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method ) != 0 ||
}}}

If we look at method, it is an int:

{{{
int rc, method, freeresctrls=1;
}}}

Yet, we are trying to insert a ber_tag_t. int is size 4, ber_tag_t is size 8. This is what causes the overflow.
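The size mismatch described in Issue 1, reduced to a stand-alone C program (an added example, not code from 389-ds-base or from this ticket). `toy_ber_tag_t`, `toy_pblock_get`, `struct frame` and the canary value are hypothetical stand-ins; the caller's stack slots are modelled as a struct so the 8-byte store stays inside one object and its effect on the neighbouring variable can be checked without undefined behaviour. The widened receiver in `matched_caller_clobbers` is one way to correct such a caller, not necessarily what commit 4c66307 did.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for ber_tag_t: 8 bytes, the size the ticket reports (assumption). */
typedef uint64_t toy_ber_tag_t;
_Static_assert(sizeof(int) == 4, "example assumes a 4-byte int, as in the ticket");

#define TOY_BIND_METHOD 1          /* hypothetical argument id */
#define CANARY 0x5AFE5AFEu         /* constructed marker value */

/* Hypothetical getter shaped like the pblock.c case: whatever the caller
 * passed, it stores sizeof(toy_ber_tag_t) bytes through the untyped pointer. */
static int toy_pblock_get(int arg, void *value, toy_ber_tag_t stored)
{
    if (arg != TOY_BIND_METHOD) return -1;
    memcpy(value, &stored, sizeof stored); /* same width as *(ber_tag_t *)value = ... */
    return 0;
}

/* Models the caller's stack slots: the int receiver and whatever sits next to it. */
struct frame { int method; unsigned int neighbour; };
_Static_assert(sizeof(struct frame) == 8, "no padding expected");

/* Before: 4-byte receiver. Returns 1 if the neighbouring slot was overwritten. */
static int mismatched_caller_clobbers(toy_ber_tag_t tag)
{
    struct frame f = { 0, CANARY };
    toy_pblock_get(TOY_BIND_METHOD, &f, tag); /* &f is the address of f.method */
    return f.neighbour != CANARY;
}

/* After: receiver has the getter's type; narrow to int only after the call. */
static int matched_caller_clobbers(toy_ber_tag_t tag, int *method_out)
{
    struct { toy_ber_tag_t method; unsigned int neighbour; } f = { 0, CANARY };
    toy_pblock_get(TOY_BIND_METHOD, &f.method, tag);
    *method_out = (int)f.method;
    return f.neighbour != CANARY;
}

int main(void)
{
    int method = 0;  /* 0x80 below is a constructed sample tag value */
    int clobbered = matched_caller_clobbers(0x80, &method);
    printf("int receiver: neighbour clobbered = %d\n", mismatched_caller_clobbers(0x80));
    printf("8-byte receiver: neighbour clobbered = %d, method = 0x%x\n", clobbered, method);
    return 0;
}
```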

commit 4c66307
Total 7 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
016f0f9..4c66307 master -> master

Metadata Update from @firstyear:
- Issue assigned to firstyear
- Issue set to the milestone: 1.3.5.1

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1861

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
