ns-slapd crash at startup - Segmentation fault in strcmpi_fast() when the Referential Integrity log is manually edited

[mreynolds389]

Issue Description

ns-slapd will crash at startup if the Referential Integrity plugin log is manually edited and contains data.

Version-Release number of selected component (if applicable):

rpm -qa | grep 389-ds-base

389-ds-base-debuginfo-1.3.5.10-18.el7_3.x86_64
389-ds-base-1.3.5.10-18.el7_3.x86_64
389-ds-base-libs-1.3.5.10-18.el7_3.x86_64

How reproducible:

Always.

Steps to Reproduce:

a) Stop ns-slapd

b) Edit manually the Referential Integrity plugin log file:

grep referint-logfile /etc/dirsrv/slapd-/dse.ldif

referint-logfile: /var/log/dirsrv/slapd-/referint

echo TEST > /var/log/dirsrv/slapd-/referint

c) Start ns-slapd

Actual results:

start-dirsrv

Job for dirsrv@.service failed because a fatal signal was delivered to the control process. See "systemctl status dirsrv@.service" and "journalctl -xe" for details.

Expected results:

A successful startup.

Additional info:

strace start-dirsrv

...

rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x43e670, [], SA_RESTORER, 0x7f80fa673250}, {SIG_DFL, [], SA_RESTORER, 0x7f80fa673250}, 8) = 0
wait4(-1, Job for dirsrv@.service failed because a fatal signal was delivered to the control process. See "systemctl status dirsrv@.service" and "journalctl -xe" for details.
[{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 10619
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10619, si_status=1, si_utime=0, si_stime=0} ---
wait4(-1, 0x7ffc940d4850, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn() = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x7f80fa673250}, {0x43e670, [], SA_RESTORER, 0x7f80fa673250}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
exit_group(1) = ?
+++ exited with 1 +++

gdb /usr/sbin/ns-slapd /var/spool/abrt/ccpp-2017-08-10-14:21:41-10633/coredump

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
...
Reading symbols from /usr/sbin/ns-slapd...Reading symbols from /usr/lib/debug/usr/sbin/ns-slapd.debug...done.
done.
[New LWP 10639]
[New LWP 10633]
[New LWP 10635]
[New LWP 10637]
[New LWP 10638]
[New LWP 10636]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/sbin/ns-slapd -D /etc/dirsrv/slapd- -i /var/run/dirsrv/slapd-.pi'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f89f52849f8 in strcmpi_fast (src=0x7f89f528556c "NULL", dst=0x1 <Address 0x1 out of bounds>) at ldap/servers/slapd/intrinsics.h:29
29 if ( ((f = (unsigned char)(*(dst++))) >= 'A') && (f <= 'Z') )
(gdb)
(gdb) where
#0 0x00007f89f52849f8 in strcmpi_fast (src=0x7f89f528556c "NULL", dst=0x1 <Address 0x1 out of bounds>) at ldap/servers/slapd/intrinsics.h:29
#1 referint_thread_func (arg=) at ldap/servers/plugins/referint/referint.c:1442
#2 0x00007f8a007d79bb in _pt_root (arg=0x7f8a03dcbf00) at ../../../nspr/pr/src/pthreads/ptthread.c:216
#3 0x00007f8a00177dc5 in start_thread (arg=0x7f89ebfff700) at pthread_create.c:308
#4 0x00007f89ffea673d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
(gdb)

Created from: https://bugzilla.redhat.com/show_bug.cgi?id=1480323

[mreynolds389]

bfb3880..f31010e 389-ds-base-1.4.4 -> 389-ds-base-1.4.4
03b39aef..506dce2 389-ds-base-1.4.3 -> 389-ds-base-1.4.3