httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43942] New: - httpd crashes while loading ldap attributes
Date Thu, 22 Nov 2007 17:49:09 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43942>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43942

           Summary: httpd crashes while loading ldap attributes
           Product: Apache httpd-2
           Version: 2.2.6
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: bernd.asf@emskeim.de


We wrote an authorisation module for integrating apache in our company's
security framework. This module is based on mod_authnz_ldap, and we can
reproduce our problem with mod_authnz_ldap as well.

The problem occurs when a large list of attribute-values is loaded from ldap. In
this case, the account, that causes the crash, has an ldap attribute
"slResolvedPermissions" with 3'500 values. These values are concatenated in
modules/ldap/util_ldap.c:uldap_cache_getuserdn() to a string of approx. 200k size.

During this the process receives a SegFault and coredumps after concatenating
2893 values and a string size of approx. 178'947 bytes.

Backtrace:

(gdb) bt
#0  0x0000f050 in ?? ()
#1  0xd21ceddc in apr_pstrcat (a=0x20239f20, __ellip=<incomplete type>) at
strings/apr_strings.c:165
#2  0x200c734c in uldap_cache_getuserdn (r=0x20239f58, ldc=0x200dd1b8,
url=0x20242808
"ldap://sphinxps:392/ou=accounts,dc=swisslife,dc=ch?cn,slResolvedPermissions",
    basedn=0x20242868 "ou=accounts,dc=swisslife,dc=ch", scope=2,
attrs=0x20242888, filter=0x2ff205f8 "(&(objectclass=*)(cn=IXED))",
binddn=0x2ff225f8, retvals=0x2ff225fc)
    at util_ldap.c:1240
#3  0x20075378 in authz_ldap_check_user_access (r=0x20239f58) at
mod_authnz_ldap.c:590
#4  0x1003bdec in ap_run_auth_checker (r=0x20239f58) at request.c:78
#5  0x1003e2c0 in ap_process_request_internal (r=0x20239f58) at request.c:202
#6  0x10043940 in ap_process_request (r=0x20239f58) at http_request.c:256
#7  0x1004c32c in ap_process_http_connection (c=0x2022dfd0) at http_core.c:184
#8  0x10035000 in ap_run_process_connection (c=0x2022dfd0) at connection.c:43
#9  0x10035a34 in ap_process_connection (c=0x2022dfd0, csd=0x2022def8) at
connection.c:178
#10 0x1000bda0 in child_main (child_num_arg=0) at prefork.c:640
#11 0x1000b77c in make_child (s=0x20025780, slot=0) at prefork.c:680
#12 0x1000c930 in ap_mpm_run (_pconf=0x200238e0, plog=0x20051a50, s=0x20025780)
at prefork.c:956
#13 0x10000e8c in main (argc=2, argv=0x2ff22b10) at main.c:730

Please not that line numbers in util_ldap.c are not accurate because of some
debug statements.

For reproducing this problem please set up an ldap server with an user as
described above; cn=username and a huge list of attributes slResolvedPermissions. 

Configure a directory with the following .hraccess:

AuthType basic
AuthBasicProvider file
AuthName "Secret Stuff"
AuthUserFile /home/bele/apache/htdocs/spxtest/secret/htpasswd

AuthLDAPURL
ldap://sphinxps:392/ou=accounts,dc=company,dc=com?cn,slResolvedPermissions

AuthLDAPBindDN "uid=Directory Reader,ou=Directory Users,dc=company,dc=com"
AuthLDAPBindPassword XXXXXX

Require ldap-attribute slResolvedPermissions=AV-K.BEST_AUSGABE.read


I could not reproduce this problem on Solaris, so this is probably AIX specific.
Compiler was xlc and alternatively gcc 4. Ldap library is openldap 2.3.39, httpd
is 2.2.6.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message