openldap-bugs

openldap-bugs@openldap.org

1 participants
21001 discussions

[Issue 10342] New: Potential Memory Leak in function mdb_txn_begin
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10342 Issue ID: 10342 Summary: Potential Memory Leak in function mdb_txn_begin Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: alexguo1023(a)gmail.com Target Milestone: --- Created attachment 1069 --> https://bugs.openldap.org/attachment.cgi?id=1069&action=edit Free txn->mt_u.dirty_list before freeing txn The function `mdb_txn_begin` allocates the dirty list via ```c txn->mt_u.dirty_list = malloc(sizeof(MDB_ID2) * MDB_IDL_UM_SIZE); ``` Later, when `txn != env->me_txn0`, it calls ```c free(txn); ``` without first freeing `txn->mt_u.dirty_list`. This orphaned allocation leads to a memory leak. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10340] New: Potential Buffer Overflow in mdb_rebalance
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10340 Issue ID: 10340 Summary: Potential Buffer Overflow in mdb_rebalance Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: alexguo1023(a)gmail.com Target Milestone: --- Created attachment 1067 --> https://bugs.openldap.org/attachment.cgi?id=1067&action=edit Add an early return when `mc->mc_top == 0` In `mdb_rebalance`, we do: ```c int ptop = mc->mc_top - 1; node = mc->mc_pg[ptop]; ``` However, `mc->mc_top` defaults to 0 in many contexts, so `ptop` can become `-1`. Indexing `mc->mc_pg[-1]` causes invalid memory access. Elsewhere this is handled by checking `mc->mc_top > 0` before decrementing. To fix this, we add an early return when `mc->mc_top == 0`. A root page (or one without a parent) doesn’t need rebalancing, so this guard prevents `ptop` from ever being negative and eliminates the out-of-bounds access. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10341] New: Two potential buffer overruns in function mdb_cmp_cint.
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10341 Issue ID: 10341 Summary: Two potential buffer overruns in function mdb_cmp_cint. Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: alexguo1023(a)gmail.com Target Milestone: --- Created attachment 1068 --> https://bugs.openldap.org/attachment.cgi?id=1068&action=edit Patch: Fix buffer overrun in function mdb_cmp_cint We found two potential bugs in `mdb_cmp_cint`’s backward‐scan loop: ```c u = (unsigned short *)((char *)a->mv_data + a->mv_size); c = (unsigned short *)((char *)b->mv_data + a->mv_size); do { x = *--u - *--c; } while (!x && u > (unsigned short *)a->mv_data); ``` 1. **Underflow when `a->mv_size == 0`** If `a->mv_size` is zero, `u` is initialized to point one past the end of the zero‐length buffer. The first `--u` then moves it before `a->mv_data`, and the subsequent dereference is undefined. The original API allows lengths from 0 to `0xFFFFFFFF`, so a zero length is possible can could lead to pointer underflow here. 2. **Overflow of `b->mv_data` when `b->mv_size < a->mv_size`** The code uses `a->mv_size` to advance both `u` and `c`, and only bounds‐checks `u`. If `b->mv_size` is smaller than `a->mv_size`, `c` may run past the end of its buffer before the loop terminates, causing a buffer overrun. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 6083] ppolicy should also support invocation of an external password checker
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=6083 --- Comment #6 from Howard Chu <hyc(a)openldap.org> --- (In reply to Heiko Zelt from comment #4) > PS: and I would like to check, if a password is compromised. I already have > an external checker for this. It just needs an interface to OpenLDAP. > Information about compromised passwords and it's importance can be found at > https://haveibeenpwned.com/ To be clear - you should write your own pwdCheckModule that interfaces to whatever you want to talk to. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10353] New: No TLS connection on Windows because of missing ENOTCONN in socket.h
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10353 Issue ID: 10353 Summary: No TLS connection on Windows because of missing ENOTCONN in socket.h Product: OpenLDAP Version: 2.6.10 Hardware: All OS: Windows Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: julien.wadel(a)belledonne-communications.com Target Milestone: --- On Windows, the TLS connection cannot be done and we get the connection error: Can't contact LDAP server. => Connections are done with WSAGetLastError(). After getting WSAEWOULDBLOCK, the connection is not restart because of the state WSAENOTCONN that is not known. OpenLDAP use ENOTCONN that is set to 126 by "ucrt/errno.h" while WSAENOTCONN is 10057L. Adding #define ENOTCONN WSAENOTCONN like for EWOULDBLOCK resolve the issue. Reference commit on external project: https://gitlab.linphone.org/BC/public/external/openldap/-/commit/62fbfb12e8… -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 10352] New: minor: Improve documentation of option "-n" for ldapdelete
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10352 Issue ID: 10352 Summary: minor: Improve documentation of option "-n" for ldapdelete Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: u.windl(a)ukr.de Target Milestone: --- The documentation for option "-n" in ldapdelete says: "Show what would be done, but don't actually delete entries. Useful for debugging in conjunction with -v." However using option "-n" without option "-v" does not output anything! So the description should be improved, or "-n" should implicitly enable option "-v". Specifically it's not obvious what "Useful for debugging in conjunction with -v." refers to. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10350] New: Free ch_calloc-allocated memory in error paths
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10350 Issue ID: 10350 Summary: Free ch_calloc-allocated memory in error paths Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: alexguo1023(a)gmail.com Target Milestone: --- Created attachment 1079 --> https://bugs.openldap.org/attachment.cgi?id=1079&action=edit Free ch_calloc-allocated memory in error paths 1. In aa_operational, bv_allowed and bv_effective are allocated via ch_calloc. If ja == 0 or je == 0, these memory objects are never freed and do not escape the function, causing potential memory leak. 2. In memberof_db_init, the memory allocated by ch_calloc isn’t released on error paths, leading to another potential leak. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10351] New: olcSaslHost lacks default value
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=10351 Issue ID: 10351 Summary: olcSaslHost lacks default value Product: OpenLDAP Version: 2.5.13 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: fredrik(a)falk-net.se Target Milestone: --- I'm trying to configure multi-master replication with SASL for cn=config and some other databases. However, I'm running into an issue with GSSAPI/SASL as it also syncs olcSaslHost, which has to be unique to each host in order to work. I'd like if olcSaslHost was left empty then it'd default to the hostname/FQDN of the host running slapd, which would resolve the issue. This issue has been encountered before: https://www.openldap.org/lists/openldap-technical/201508/msg00124.html https://www.openldap.org/lists/openldap-technical/201001/msg00048.html -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 6083] ppolicy should also support invocation of an external password checker
by openldap-its＠openldap.org 10 Jun '25

10 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=6083 --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Wed, Jun 04, 2025 at 10:59:16AM +0000, openldap-its(a)openldap.org wrote: > PS: and I would like to check, if a password is compromised. I already have an > external checker for this. It just needs an interface to OpenLDAP. Information > about compromised passwords and it's importance can be found at > https://haveibeenpwned.com/ Hi Heiko, if that's what you need, you could write your own policy checker wrapper. If you feel you can design an interface fit for wider use, you can even submit it for inclusion and it will be considered. But remember the slapd-sock overlay exists already and should be able to intercept the password change just fine if you don't need access to the rest of the entry being changed. Thanks, -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6083] ppolicy should also support invocation of an external password checker
by openldap-its＠openldap.org 04 Jun '25

04 Jun '25

https://bugs.openldap.org/show_bug.cgi?id=6083 --- Comment #4 from Heiko Zelt <hz(a)heikozelt.de> --- PS: and I would like to check, if a password is compromised. I already have an external checker for this. It just needs an interface to OpenLDAP. Information about compromised passwords and it's importance can be found at https://haveibeenpwned.com/ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

← Newer
1
2
3
4
5
6
7
...
2101
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs