August 2015 - openldap-bugs

by hyc＠symas.com

Adrian.Raemy(a)vtg.admin.ch wrote: > Dear Howard, > > The fix runs stable now over weeks.=20 > slapd didn't crashed anymore. Thank you for the help. > > I guess we can close the ticket. Thanks for the followup. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8218) segfault on sasl auth with malformed URI in config

by hyc＠symas.com

best(a)univention.de wrote: > Full_Name: > Version: 2.4.40-1 > OS: debian / UCS 4.1 amd64 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.198.197.8) > > > A malformed URI in the sasl-regexp directive of slapd.conf caused a segfault of > slapd. > > """ > sasl-regexp > uid=(.*),cn=saml,cn=auth > ldap:///0.0.0.0:7389,389/"dc=dev,dc=local"??sub?uid=$1 > """ > The URI starts with 3 slashes after the scheme instead of 2 slashes. > > When doing authentication via SASL /usr/sbin/slapd segfaults. Thanks for the report, fixed in git master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8046) query caused slapd to stop

by hyc＠symas.com

Howard Chu wrote: > Ryan Tandy wrote: >> Hi again, >> >> 9d9913392a0346e23f07e65d7d0964c84e2c1277 is the first bad commit >> commit 9d9913392a0346e23f07e65d7d0964c84e2c1277 >> Author: Howard Chu <hyc(a)openldap.org> >> Date: Thu Sep 18 02:06:38 2014 +0100 >> >> ITS#7942 plug leak in controls >> >> Reverting 8bdd54c and 9d99133 fixes the crash. >> >> I suppose it should probably get a CVE, and so on... >> > git history shows vrFilter_free has been broken ever since Kurt wrote it in > 2002. Which pretty much means it was never getting called until #7942 plugged > that memory leak. > For future reference, this was registered as CVE-2015-1546 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8027) ldapsearch -E deref=member: crashes slapd

by hyc＠symas.com

Howard Chu wrote: > ryan(a)nardis.ca wrote: >> Full_Name: Ryan Tandy >> Version: master (7df548d), RE24 (2b14bbc) >> OS: Debian unstable >> URL: >> Submission from: (NULL) (142.32.208.227) >> >> >> If you use the deref control but leave the list of requested attributes empty, >> slapd crashes. >> >> ldapsearch [...] -E deref=member: > >> The ldapsearch manpage implies this probably isn't valid, but it still accepted >> it. (FWIW, I tried it just to see whether it would return all attributes or >> none.) I couldn't tell from draft-ldap-deref-00 whether an empty attr list is >> considered a valid request. >> > Patched in master to reject a request with an empty attr list. > For future reference, this was registered as CVE-2015-1545. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8114) [WIP] WiredTiger Backend for OpenLDAP

by hyc＠symas.com

hamano(a)osstech.co.jp wrote: > Full_Name: HAMANO Tsukasa > Version: master > OS: Linux > URL: https://www.osstech.co.jp/download/hamano/openldap/0001-OpenLDAP-WiredTig... > Submission from: (NULL) (183.77.250.155) > > > The attached patch file is derived from OpenLDAP Software. All of the > modifications to OpenLDAP Software represented in the following > patch(es) were developed by HAMANO Tsukasa <hamano(a)osstech.co.jp>. I > have not assigned rights and/or interest in this work to any party. > > Copyright 2015 HAMANO Tsukasa <hamano(a)osstech.co.jp> > Redistribution and use in source and binary forms, with or without > modification, are permitted only as authorized by the OpenLDAP Public > License. I've merged patches 0001-0004 and added this to git master. Thanks for the contribution. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8069) MDb library patch: Use explicit Windows API functions for char* strings

by hyc＠symas.com

pmedvedev(a)gmail.com wrote: > Full_Name: Pavel Medvedev > Version: > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (217.25.225.40) > > > Most Windows API functions such as CreateFile(), CreateMutex(), > OpenMutex() that accept string arguments, are defined with suffix W or A > for appropriate wchar_t* or char* strings, depending of _UNICODE > preprocessor define. Calling explicit functions with A suffix would eliminate > compile errors when _UNICODE is defined. Thanks, committed to mdb.master. > > As a further enhancement, I think path argument encoding should be documented > (probably UTF-8?) for such functions as mdb_env_open(), mdb_env_copy(), > mdb_env_copy2(), and mdb_env_get_path(). This prevent possible problems with > non-latin characters in path names on Windows. > > In this case, LMDB implementation on Windows should perform path > conversion to UTF-16 and explicit call to CreateFileW() in mdb_env_open() > and mdb_env_copy2() functions. We've been discussing this change on and off for a while. That sounds like the correct approach; patches welcome. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8068) MDB library patch: Using IsWindowsVersionOrGreater() instead of obsolete GetVersion()

by hyc＠symas.com

pmedvedev(a)gmail.com wrote: > Full_Name: Pavel Medvedev > Version: > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (217.25.225.40) I'm unable to compile with this patch. The API appears to be missing from older versions of the Windows SDK. MSDN says it's from the Windows 8.1 SDK. Closing this ITS. > > > --- > libraries/liblmdb/mdb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c > index 65293f4..a54ce83 100644 > --- a/libraries/liblmdb/mdb.c > +++ b/libraries/liblmdb/mdb.c > @@ -239,6 +239,7 @@ union semun { > #endif > > #ifdef _WIN32 > +#include <VersionHelpers.h> > #define MDB_USE_HASH 1 > #define MDB_PIDLOCK 0 > #define THREAD_RET DWORD > @@ -3998,8 +3999,7 @@ mdb_env_open2(MDB_env *env) > > #ifdef _WIN32 > /* See if we should use QueryLimited */ > - rc = GetVersion(); > - if ((rc & 0xff) > 5) > + if (IsWindowsVersionOrGreater(6, 0, 0)) > env->me_pidquery = MDB_PROCESS_QUERY_LIMITED_INFORMATION; > else > env->me_pidquery = PROCESS_QUERY_INFORMATION; > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

Re: (ITS#8217) Add msvc support to lmdb

by nacho.resa＠gmail.com

--001a113449f0607d15051daaa7f8 Content-Type: text/plain; charset=UTF-8 well, those bug reports overlap with my patch, but they completely lack adding the MSVC project, should I attach my patch there? On Wed, Aug 19, 2015 at 3:57 PM, Howard Chu <hyc(a)symas.com> wrote: > nacho.resa(a)gmail.com wrote: > >> Full_Name: Ignacio Casal Quinteiro >> Version: >> OS: Windows 7 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (83.30.165.68) >> >> >> On the url below you can find a fork that adds support for msvc builds: >> https://github.com/nice-software/lmdb/tree/wip/msvc >> >> https://github.com/nice-software/lmdb/commit/e871e736949dafee4e84f07c6cfb... >> > > This patch is largely a dup of ITSs #8067,8068,8069. > > Closing this ITS, use the previous ones instead. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > -- Ignacio Casal Quinteiro --001a113449f0607d15051daaa7f8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">well, those bug reports overlap with my patch, but they co= mpletely lack adding the MSVC project, should I attach my patch there?<br><= /div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed, Aug = 19, 2015 at 3:57 PM, Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc= @symas.com" target=3D"_blank">hyc(a)symas.com</a>></span> wrote:<br><block= quote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc= solid;padding-left:1ex"><a href=3D"mailto:nacho.resa@gmail.com" target=3D"= _blank">nacho.resa(a)gmail.com</a> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> Full_Name: Ignacio Casal Quinteiro<br> Version:<br> OS: Windows 7<br> URL: <a href=3D"ftp://ftp.openldap.org/incoming/" rel=3D"noreferrer" target= =3D"_blank">ftp://ftp.openldap.org/incoming/</a><br> Submission from: (NULL) (83.30.165.68)<br> <br> <br> On the url below you can find a fork that adds support for msvc builds:<br> <a href=3D"https://github.com/nice-software/lmdb/tree/wip/msvc" rel=3D"nore= ferrer" target=3D"_blank">https://github.com/nice-software/lmdb/tree/wip/ms= vc</a><br> <a href=3D"https://github.com/nice-software/lmdb/commit/e871e736949dafee4e8= 4f07c6cfb1b1eceb57089" rel=3D"noreferrer" target=3D"_blank">https://github.= com/nice-software/lmdb/commit/e871e736949dafee4e84f07c6cfb1b1eceb57089</a><= br> </blockquote> <br> This patch is largely a dup of ITSs #8067,8068,8069.<br> <br> Closing this ITS, use the previous ones instead.<span class=3D"HOEnZb"><fon= t color=3D"#888888"><br> <br> -- <br> =C2=A0 -- Howard Chu<br> =C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"= http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www.symas= .com</a><br> =C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland= sun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun.com/h= yc/</a><br> =C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p= roject/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org/proje= ct/</a><br> </font></span></blockquote></div><br><br clear=3D"all"><br>-- <br><div clas= s=3D"gmail_signature">Ignacio Casal Quinteiro</div> </div> --001a113449f0607d15051daaa7f8--

8 years, 1 month

1
0
0 / 0

Re: (ITS#8217) Add msvc support to lmdb

by hyc＠symas.com

nacho.resa(a)gmail.com wrote: > Full_Name: Ignacio Casal Quinteiro > Version: > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (83.30.165.68) > > > On the url below you can find a fork that adds support for msvc builds: > https://github.com/nice-software/lmdb/tree/wip/msvc > https://github.com/nice-software/lmdb/commit/e871e736949dafee4e84f07c6cfb... This patch is largely a dup of ITSs #8067,8068,8069. Closing this ITS, use the previous ones instead. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 1 month

1
0
0 / 0

(ITS#8220) refint performance issue

by hyc＠openldap.org

Full_Name: Howard Chu Version: 2.4 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.155.231.135) Submitted by: hyc The fix for ITS#5097 changed refint to support subtree renames. Unfortunately this required using dnSubtreeMatch extended search filters, which are not indexable, so every refint invocation invokes a search that scans the entire DB. This behavior isn't necessary; such an extensive search is only needed if we know that the entry being modified actually has children. If we know that the entry has no children, we can use the original code which used an equality match, which *is* indexable, and save significant overhead. Patch coming shortly.

8 years, 1 month

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2015