IBM Support

IR50307: SW DIRECTORY CODE TRIES TO FREE THE SAME POINTER TWICE WHEN THERE IS AN ERROR FROM OPEN_DEFAULT_CONNECTION


APAR status

  • Closed as program error.

Error description

  • ENVIRONMENT:
    SWD Server: 3.2.1 efix 5    SWD Client: 3.2.1
            OS: Win 2000 Advanced Server SP2
           DB2: 7.2 FP5
         GSKIT: 4
           JDK: not applicable
     Webserver: not applicable
      Keywords: Secureway Directory, SWD, ISWD, ldap, zzldapzz
         CMVC : #####
      Technote: ######
         Other: Policy Director 3.8 FP6
    .
    SYMPTOM:
    1. Start WebSEAL
    2. Log on to WebSEAL with user1
    3. Stop the master LDAP
    (At this moment WebSEAL is configured to fail over to the replica
    LDAP since the master LDAP will no longer be available)
    4. Restart the browser and log in to WebSEAL with user2
    .
    The result is that WebSEAL fails (or in some cases consumes
    all the CPU and freezes).
    .
    Here is an excerpt from debug.log that was collected when the
    problem happened:
    log file opened
    0:017> g
    eax=017a0b28 ebx=00000002 ecx=017a0b28 edx=00640230 esi=00282570 edi=017a0a38
    eip=0033c475 esp=02c6f764 ebp=02c6f768 iopl=0         nv up ei pl nz na po nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
    ldap!ldap_sasl_bind_direct+2ab38:
    0033c475 ff1560253700 call dword ptr [ldap+0x62560 (00372560)]{MSVCRT!free (780010ed)} ds:0023:00372560=780010ed
    0:017> g
    HEAP[webseald.exe]: Invalid Address specified to RtlFreeHeap( 640000, 640230 )
    eax=00640228 ebx=00640228 ecx=02c6f5c0 edx=02c6f35a esi=00640000 edi=00640228
    eip=77f9f9df esp=02c6f540 ebp=02c6f544 iopl=0         nv up ei pl nz na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000202
    ntdll!DbgBreakPoint:
    77f9f9df cc               int     3
    .
    More Info:
    The AP Lab in Japan has tested this and found a possible defect
    in the ldap.dll binary (version 3.2.1 + patch 5).
    They have claimed that the code is trying to free the same
    pointer twice.
    This happens in the logic that handles the "error return" from
    open_default_connection (in the send_initial_request
    procedure).
    .
    Also, the AP Lab has created and tested a local fix (called
    ldap.patch.dll) which avoids this duplication.
    The problem did not happen after that.
    .
    NOTES:
    1) Need L3 to verify what the AP lab has found and provide more
    detail on what the failure is from the Directory standpoint.
    2) Provide a fix if necessary.
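
The error-path double free described under "More Info", as an added example that is not IBM's code and not part of the original APAR: a constructed C model in which a callee frees a caller-owned buffer on failure and the caller's cleanup frees it again, next to a single-owner version. All names (request, checked_free, open_connection_*, send_request_*) are hypothetical, and checked_free records a repeat free instead of performing it so the program runs safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the error path; every name here is hypothetical. */
typedef struct {
    char *msg;      /* heap buffer owned by the request */
    int   freed;    /* shadow state: set once msg has gone to free() */
    int   bad_free; /* frees attempted on an already-freed buffer */
} request;

/* Performs the first free; records and skips a repeat instead of doing it. */
static void checked_free(request *r) {
    if (r->freed) { r->bad_free++; return; }   /* would be a double free */
    if (r->msg == NULL) return;                /* nothing to release */
    free(r->msg);
    r->freed = 1;
}

/* Buggy callee: on failure it frees the caller's buffer and leaves msg dangling. */
static int open_connection_buggy(request *r, int server_up) {
    if (!server_up) { checked_free(r); return -1; }
    return 0;
}

/* Fixed callee: reports the error and never frees what it does not own. */
static int open_connection_fixed(int server_up) { return server_up ? 0 : -1; }

/* Buggy caller: shared cleanup frees again after the callee's error-path free. */
int send_request_buggy(int server_up) {
    request r = { malloc(32), 0, 0 };
    (void)open_connection_buggy(&r, server_up);
    checked_free(&r);                  /* repeat free when the open failed */
    return r.bad_free;
}

/* Fixed caller: one owner, one cleanup point, pointer cleared after free. */
int send_request_fixed(int server_up) {
    request r = { malloc(32), 0, 0 };
    (void)open_connection_fixed(server_up);
    checked_free(&r);
    r.msg = NULL;                      /* no stale pointer survives cleanup */
    return r.bad_free;
}

int main(void) {
    printf("buggy, server down: %d repeat free(s)\n", send_request_buggy(0));
    printf("fixed, server down: %d repeat free(s)\n", send_request_fixed(0));
    return 0;
}
```

Only the failure branch triggers the repeat free, which matches the symptom appearing after the master LDAP is stopped and not during normal operation.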
    

Local fix

Problem summary

  • SW DIRECTORY CODE TRIES TO FREE THE SAME POINTER TWICE WHEN
    THERE IS AN ERROR FROM OPEN_DEFAULT_CONNECTION
    

Problem conclusion

  • Fixed
    

Temporary fix

Comments

APAR Information

  • APAR number

    IR50307

  • Reported component name

    S'WAY DIR 3.2 N

  • Reported component ID

    5648D8700

  • Reported release

    322

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2003-01-16

  • Closed date

    2003-02-21

  • Last modified date

    2003-02-21

  • APAR is sysrouted FROM one or more of the following:

    IR49241

  • APAR is sysrouted TO one or more of the following:

    IR50343

Fix information

  • Fixed component name

    S'WAY DIR 3.2 N

  • Fixed component ID

    5648D8700

Applicable component levels

  • R322 PSY

       UP


Document Information

Modified date:
21 February 2003