-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-9.2.0.z
-
None
-
389-ds-base-3.1.3-5.el10_1
-
No
-
Low
-
ZStream
-
rhel-idm-ds
-
0
-
False
-
False
-
-
No
-
None
-
Regression Exception
-
Pass
-
RegressionOnly
-
Unspecified Release Note Type - Unknown
-
Unspecified
-
Unspecified
-
Unspecified
-
None
Issue Description
Heap use after free when logging that the replicaton keep-alive entry can not be created:
==1894806==ERROR: AddressSanitizer: heap-use-after-free on address 0x510000509e50 at pc 0x7fb066e4a806 bp 0x7fab5aef2340 sp 0x7fab5aef2338
READ of size 8 at 0x510000509e50 thread T6
#0 0x7fb066e4a805 in slapi_sdn_get_dn (/usr/lib64/dirsrv/libslapd.so.0+0x4a805) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#1 0x7fb05ff0d0dc in replica_subentry_create ldap/servers/plugins/replication/repl5_replica.c:468
#2 0x7fb05ff0d0dc in replica_subentry_check ldap/servers/plugins/replication/repl5_replica.c:505
#3 0x7fb05ff0d420 in replica_subentry_update ldap/servers/plugins/replication/repl5_replica.c:543
#4 0x7fb066e73b1f in eq_call_all_rel ldap/servers/slapd/eventq.c:278
#5 0x7fb066e73b1f in eq_loop_rel ldap/servers/slapd/eventq.c:324
#6 0x7fb067b71376 in _pt_root (/lib64/libnspr4.so+0x23376) (BuildId: fa7dc258da2c207de5d157c34e1023780f382d96)
#7 0x7fb067428d45 in asan_thread_start(void*) (/lib64/libasan.so.8+0x28d45) (BuildId: 89c230c891879ee538159d2e56f56784c84db409)
#8 0x7fb066c7d723 in start_thread (/lib64/libc.so.6+0x71723) (BuildId: 8d0812d9e0a232d8c2f08880afc3718f055805e6)
#9 0x7fb066d0180b in __clone3 (/lib64/libc.so.6+0xf580b) (BuildId: 8d0812d9e0a232d8c2f08880afc3718f055805e6)
0x510000509e50 is located 16 bytes inside of 184-byte region [0x510000509e40,0x510000509ef8)
freed by thread T6 here:
#0 0x7fb0674c1518 in free.part.0 (/lib64/libasan.so.8+0xc1518) (BuildId: 89c230c891879ee538159d2e56f56784c84db409)
#1 0x7fb066e2785c in slapi_ch_free (/usr/lib64/dirsrv/libslapd.so.0+0x2785c) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#2 0x7fb066e5192a in slapi_entry_free (/usr/lib64/dirsrv/libslapd.so.0+0x5192a) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#3 0x7fb066e2240c in op_shared_add ldap/servers/slapd/add.c:853
#4 0x7fb066fef3d6 in add_internal_pb.isra.0 ldap/servers/slapd/add.c:485
#5 0x7fb066e125fc in slapi_add_internal_pb (/usr/lib64/dirsrv/libslapd.so.0+0x125fc) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#6 0x7fb05ff0d02e in replica_subentry_create ldap/servers/plugins/replication/repl5_replica.c:463
#7 0x7fb05ff0d02e in replica_subentry_check ldap/servers/plugins/replication/repl5_replica.c:505
#8 0x7fb05ff0d420 in replica_subentry_update ldap/servers/plugins/replication/repl5_replica.c:543
#9 0x7fb066e73b1f in eq_call_all_rel ldap/servers/slapd/eventq.c:278
#10 0x7fb066e73b1f in eq_loop_rel ldap/servers/slapd/eventq.c:324
#11 0x7fb067b71376 in _pt_root (/lib64/libnspr4.so+0x23376) (BuildId: fa7dc258da2c207de5d157c34e1023780f382d96)
#12 0x7fb067428d45 in asan_thread_start(void*) (/lib64/libasan.so.8+0x28d45) (BuildId: 89c230c891879ee538159d2e56f56784c84db409)
#13 0x7fb066c7d723 in start_thread (/lib64/libc.so.6+0x71723) (BuildId: 8d0812d9e0a232d8c2f08880afc3718f055805e6)
#14 0x7fb066d0180b in __clone3 (/lib64/libc.so.6+0xf580b) (BuildId: 8d0812d9e0a232d8c2f08880afc3718f055805e6)
previously allocated by thread T6 here:
#0 0x7fb0674c2230 in calloc (/lib64/libasan.so.8+0xc2230) (BuildId: 89c230c891879ee538159d2e56f56784c84db409)
#1 0x7fb066e34345 in slapi_ch_calloc (/usr/lib64/dirsrv/libslapd.so.0+0x34345) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#2 0x7fb066e514bb in slapi_entry_alloc (/usr/lib64/dirsrv/libslapd.so.0+0x514bb) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#3 0x7fb066e56ff8 in str2entry_fast ldap/servers/slapd/entry.c:230
#4 0x7fb066e5bc60 in slapi_str2entry (/usr/lib64/dirsrv/libslapd.so.0+0x5bc60) (BuildId: f099de2a8aa9e8e503e13eff09dae4deafcc4ad6)
#5 0x7fb05ff0cff9 in replica_subentry_create ldap/servers/plugins/replication/repl5_replica.c:455
#6 0x7fb05ff0cff9 in replica_subentry_check ldap/servers/plugins/replication/repl5_replica.c:505
#7 0x7fb05ff0d420 in replica_subentry_update ldap/servers/plugins/replication/repl5_replica.c:543
#8 0x7fb066e73b1f in eq_call_all_rel ldap/servers/slapd/eventq.c:278
#9 0x7fb066e73b1f in eq_loop_rel ldap/servers/slapd/eventq.c:324
#10 0x7fb067b71376 in _pt_root (/lib64/libnspr4.so+0x23376) (BuildId: fa7dc258da2c207de5d157c34e1023780f382d96)
#11 0x7fb067428d45 in asan_thread_start(void*) (/lib64/libasan.so.8+0x28d45) (BuildId: 89c230c891879ee538159d2e56f56784c84db409)
#12 0x7fb066c7d723 in start_thread (/lib64/libc.so.6+0x71723) (BuildId: 8d0812d9e0a232d8c2f08880afc3718f055805e6)
#13 0x7fb066d0180b in __clone3 (/lib64/libc.so.6+0xf580b) (BuildId: 8d0812d9e0a232d8c2f08880afc3718f055805e6)
- links to
-
RHBA-2025:151590
389-ds-base update