Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 81438 - nss_ldap segfaults on big groups
Summary: nss_ldap segfaults on big groups
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap
Version: 9
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On:
Blocks: 79579 CambridgeTarget
TreeView+ depends on / blocked
 
Reported: 2003-01-09 15:04 UTC by Panu Matilainen
Modified: 2015-01-08 00:02 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-07-31 14:40:42 UTC
Embargoed:

Attachments (Terms of Use)

Description Panu Matilainen 2003-01-09 15:04:19 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20021216

Description of problem:
nss_ldap segfaults in presence of big(gish) groups on the ldap server. I'm not
sure what's the actual breakup point is, but for nss_ldap-198 and 202 its 100%
reproducible here with a group of 4793 users. Older versions (tested on RH7.2)
segfault much earlier, for nss_ldap-189-4 the breakup point seems to be 10 users
in a group.

I can "fix" it (tested on nss_ldap 198) by causing a memory leak by commenting
out "ldap_value_free (vals);" on line 158 of ldap-grp.c, after doing that I can
no more make it crash. Also it doesn't appear to be a null pointer since
changing it to
if (vals != NULL)
      ldap_value_free (vals);
doesn't help either. Oh and that doesn't help on nss_ldap-189..

Would be nice to have it fixed not just for the next release but for older
versions too... 



Version-Release number of selected component (if applicable): 189, 198, 202 at
least (haven't tried earlier versions)

How reproducible:
Always

Steps to Reproduce:
1. create a group of at least (?) 4793 users on ldap server
2. configure client to fetch user information from ldap
3. run 'id username'

    

Actual Results:  [pmatilai@es-adsl-soho-30-186 pmatilai]$ id pmatilai
Segmentation fault

Expected Results:  I should print out the list of groups..

Additional info:
Comment 1 Panu Matilainen 2003-01-09 15:07:33 UTC 
Forgot to mention: this is using RFC2307bis schema. If compiled without support
for that nss_ldap doesn't crash but then it doesn't provide much info either :)
Comment 2 Panu Matilainen 2003-02-11 08:45:28 UTC 
This might very well be fixed in nss_ldap-203:
http://bugzilla.padl.com/show_bug.cgi?id=121

Unfortunately I'm not able to actually test it currently as someone has pulled
the plug on the LDAP-server :(
Comment 3 Panu Matilainen 2003-02-11 11:40:36 UTC 
Confirmed now: after updating the current rawhide nss_ldap package to 203 it no
long segfaults.
Comment 4 Panu Matilainen 2003-07-31 14:40:42 UTC 
Severn has nss_ldap-207 and as mentioned earlier this was fixed in 203 already -
closing...
Note You need to log in before you can comment on or make changes to this bug.