When an ldapsearch is executed, openldap slapd terminates with a segfault

Solution Verified - Updated -

Issue

  • When the ldapsearch command is executed as follows, slapd crashes and dumps core.

    ldapsearch -H "<server>" -x -b "ou=<valid-ou>"
    

    The backtrace of the core is as follows.

    -sh-4.2$ gdb -x ./gdbinit-14155
    :
    Core was generated by `/usr/sbin/slapd -u ldap -h ldapi:/// ldap:///'.
    Program terminated with signal 11, Segmentation fault.
    #0  0x0000000000000048 in ?? ()
    (gdb) bt
    #0  0x0000000000000048 in ?? ()
    #1  0x00007f2b0be0e541 in slap_writewait_play (op=0x7f2aa4102190) at result.c:294
    #2  send_ldap_ber (op=op@entry=0x7f2aa4102190, ber=ber@entry=0x7f2aaee73310) at result.c:367
    #3  0x00007f2b0be1211c in slap_send_search_entry (op=0x7f2aa4102190, rs=<optimized out>) at result.c:1430
    #4  0x00007f2b058295e3 in ldap_back_search (op=0x7f2aa4102190, rs=<optimized out>) at search.c:365
    #5  0x00007f2b0be6c926 in overlay_op_walk (op=op@entry=0x7f2aa4102190, rs=0x7f2aaee74960, which=op_search, oi=0x7f2b0ddd5a10, on=0x0) at backover.c:671
    #6  0x00007f2b0be6ca94 in over_op_func (op=0x7f2aa4102190, rs=<optimized out>, which=<optimized out>) at backover.c:723
    #7  0x00007f2b0be00d31 in fe_op_search (op=0x7f2aa4102190, rs=0x7f2aaee74960) at search.c:402
    #8  0x00007f2b0be005e6 in do_search (op=<optimized out>, rs=<optimized out>) at search.c:247
    #9  0x00007f2b0bdfdcbc in connection_operation (ctx=ctx@entry=0x7f2aaee74bd0, arg_v=arg_v@entry=0x7f2aa4102190) at connection.c:1155
    #10 0x00007f2b0bdfe02b in connection_read_thread (ctx=0x7f2aaee74bd0, argv=0x29) at connection.c:1291
    #11 0x00007f2b0b94de8a in ldap_int_thread_pool_wrapper () from debug/lib64/libldap_r-2.4.so.2
    #12 0x00007f2b0ac15dc5 in start_thread () from debug/lib64/libpthread.so.0
    #13 0x00007f2b0a0d6ced in clone () from debug/lib64/libc.so.6
    (gdb) f 1
    #1  0x00007f2b0be0e541 in slap_writewait_play (op=0x7f2aa4102190) at result.c:294
    294     result.c: No such file or directory
    (gdb) info local
    sc = 0x7f2aa4000c58
    (gdb) p *sc
    $1 = {
      sc_next = 0x0,
      sc_response = 0x7f2b05610480 <pcache_response>,
      sc_cleanup = 0x7f2b05611860 <pcache_op_cleanup>,
      sc_writewait = 0x48,
                     ~~~~uninitialized data on the stack area.
      sc_private = 0x7f2aa4000c80
    }
    (gdb) x sc->sc_writewait
    0x48:   Cannot access memory at address 0x48
    (gdb)
    

    The segmentation fault occurs at "result.c:294", which runs during search processing. The code around "result.c:294" is as follows.

     286 static void
     287 slap_writewait_play(
     288         Operation *op )
     289 {
     290         slap_callback   *sc = op->o_callback;
     291
     292         for ( ; sc; sc = sc->sc_next ) {
     293                 if ( sc->sc_writewait )
     294                         sc->sc_writewait( op, sc );
         *** If a value is set in sc_writewait, call that function.
     295         }
     296 }
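
The loop above only tests sc_writewait for NULL, so a stale non-NULL value such as the 0x48 in the gdb dump passes the test and is called. The C model below is an added example, not OpenLDAP or Red Hat code, showing a partially assigned callback next to a fully zeroed one. The struct is a simplified stand-in, the names cb_new_partial, cb_new_zeroed, stale_alloc, demo_cb and writewait_would_call are hypothetical, and the 0x48 fill is a constructed stand-in for uncleared memory.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins for slapd's types; field names follow the gdb dump. */
typedef struct slap_callback slap_callback;
typedef struct Operation { slap_callback *o_callback; } Operation;
struct slap_callback {
    slap_callback *sc_next;
    int  (*sc_response)(Operation *op);
    int  (*sc_cleanup)(Operation *op);
    void (*sc_writewait)(Operation *op, slap_callback *sc);
    void *sc_private;
};
static int demo_cb(Operation *op) { (void)op; return 0; }
/* Constructed stand-in for uncleared memory: every byte is 0x48. */
static slap_callback *stale_alloc(void) {
    slap_callback *sc = malloc(sizeof *sc);
    if (sc) memset(sc, 0x48, sizeof *sc);
    return sc;
}

/* Before: only known fields are assigned; sc_writewait keeps stale bytes. */
slap_callback *cb_new_partial(void) {
    slap_callback *sc = stale_alloc();
    if (!sc) return NULL;
    sc->sc_next = NULL;
    sc->sc_response = sc->sc_cleanup = demo_cb;
    sc->sc_private = NULL;
    return sc;
}

/* After: the initializer sets every unnamed member, sc_writewait included, to NULL. */
slap_callback *cb_new_zeroed(void) {
    slap_callback *sc = stale_alloc();
    if (!sc) return NULL;
    *sc = (slap_callback){ .sc_response = demo_cb, .sc_cleanup = demo_cb };
    return sc;
}

/* Same walk as slap_writewait_play, counting instead of calling. */
int writewait_would_call(const Operation *op) {
    int n = 0;
    for (const slap_callback *sc = op->o_callback; sc; sc = sc->sc_next)
        if (sc->sc_writewait) n++;
    return n;
}
int main(void) {
    Operation a = { cb_new_partial() }, b = { cb_new_zeroed() };
    return !(writewait_would_call(&a) == 1 && writewait_would_call(&b) == 0);
}
```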
    

Environment

  • Red Hat Enterprise Linux Version 7, minor releases below 7.3
  • Red Hat Enterprise Linux Version 6, minor releases below 6.8
  • openldap-servers
