openldap-bugs

openldap-bugs@openldap.org

1 participants
21001 discussions

(ITS#5559) slapo-pcache sizelimit caching not documented
by ando＠sys-net.it 14 Jun '08

14 Jun '08

Full_Name: Pierangelo Masarati Version: HEAD OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.63.140.131) Submitted by: ando The sizelimit caching feature, and related setting, are not documented in slapo-pcache(5) man page.

1 0

Re: (ITS#5549) slapd SEGV faults in entry_partsize when monitoring
by ando＠sys-net.it 14 Jun '08

14 Jun '08

andreas.mueller(a)othello.ch wrote: > Full_Name: Andreas Mueller > Version: 2.4.9 > OS: Solaris 10 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (193.134.170.35) > > > We have four slapd servers in a mirrormode configuration. > This generally works well. We monitor these servers using > ldapsearches to cn=Monitor every minute, and collect > performance data to construct load/performance graphs > with rrdtool. Unfortunately, it sometimes happens that > slapd crashes during the monitoring query. Using gdb, we > were able to get a stack backtrace: > > Core was generated by `/usr/local/libexec/slapd'. > Program terminated with signal 11, Segmentation fault. > #0 0x0005fd48 in entry_partsize () > (gdb) bt > #0 0x0005fd48 in entry_partsize () > #1 0x000603b4 in entry_flatsize () > #2 0x0006a5c8 in slap_send_search_entry () > #3 0x00134330 in monitor_send_children () > #4 0x001348e0 in monitor_back_search () > #5 0x000523ac in fe_op_search () > #6 0x00051b64 in do_search () > #7 0x0004dd8c in connection_operation () > #8 0x0004e4c4 in connection_read_thread () > #9 0x001a22a8 in ldap_int_thread_pool_wrapper () > #10 0xfe3c5800 in __tbl_10_huge_digits () from /lib/libc.so.1 > > All cores obtained so far show that the segmentation fault > occured at the same location inside entry_partsize. > > Unfortunately we cannot systematically reproduce this behaviour, > and we also cannot get the line number (binaries are stripped). > > We have not tried other versions or other platforms. For production, > we use the versions available in package form from www.sunfreeware.com, > but the error also happens on servers we have compiled ourselves from > the sources. You should run a non-stripped binary, in order to allow more useful information to be extracted from those core files. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5558) Buffer Overflow in back_sock and back_shell
by hyc＠symas.com 13 Jun '08

13 Jun '08

stef(a)memberwebs.com wrote: > Full_Name: Stef Walter > Version: openldap 2.4.10 > OS: FreeBSD 6.3-RELEASE-p2 > URL: http://memberwebs.com/stef/scraps/openldap24-buffer-overflow.patch > Submission from: (NULL) (189.162.38.105) > > > The back_sock and back_shell backends have a buffer overflow (off by one) > problem in their result parsing code in read_and_send_results() lines 82-89 in > result.c. The buffer is reallocated when an additional string would be too long > for the buffer, but the string's null terminator is not taken into account. > > This can cause a crash in certain situations. These situations are obviously > data and OS dependent. But with specific data, the crash is reproducible. > > Patch which fixes the problem: Thanks, now fixed in CVS HEAD. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5558) Buffer Overflow in back_sock and back_shell
by stef＠memberwebs.com 13 Jun '08

13 Jun '08

Full_Name: Stef Walter Version: openldap 2.4.10 OS: FreeBSD 6.3-RELEASE-p2 URL: http://memberwebs.com/stef/scraps/openldap24-buffer-overflow.patch Submission from: (NULL) (189.162.38.105) The back_sock and back_shell backends have a buffer overflow (off by one) problem in their result parsing code in read_and_send_results() lines 82-89 in result.c. The buffer is reallocated when an additional string would be too long for the buffer, but the string's null terminator is not taken into account. This can cause a crash in certain situations. These situations are obviously data and OS dependent. But with specific data, the crash is reproducible. Patch which fixes the problem: --- ../openldap-2.4.10/servers/slapd/back-sock/result.c 2008-02-08 18:46:09.000000000 -0000 +++ servers/slapd/back-sock/result.c 2008-06-13 15:56:46.000000000 -0000 @@ -77,7 +77,7 @@ } len = strlen( line ); - while ( bp + len - buf > bsize ) { + while ( bp + (len + 1) - buf > bsize ) { size_t offset = bp - buf; bsize += BUFSIZ; buf = (char *) ch_realloc( buf, bsize ); --- ../openldap-2.4.10/servers/slapd/back-shell/result.c 2008-02-11 17:26:47.000000000 -0000 +++ servers/slapd/back-shell/result.c 2008-06-13 15:57:02.000000000 -0000 @@ -80,7 +80,7 @@ } len = strlen( line ); - while ( bp + len - buf > bsize ) { + while ( bp + (len + 1) - buf > bsize ) { size_t offset = bp - buf; bsize += BUFSIZ; buf = (char *) ch_realloc( buf, bsize );

1 0

(ITS#5557) memory leak in ACL sets
by hyc＠OpenLDAP.org 13 Jun '08

13 Jun '08

Full_Name: Howard Chu Version: 2.3.39/2.4/HEAD OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (76.91.220.157) Submitted by: hyc slap_set_join() with an '|' operator will leak values if it detects a duplicate in the rset. A fix will be committed shortly.

1 0

(ITS#5556) ldapadd/slapadd create objects without RDN
by joshua＠itsecureadmin.com 13 Jun '08

13 Jun '08

Full_Name: Josh Miller Version: 2.4.10 OS: CentOS 5.1 URL: http://itsecureadmin.com/uid-test.txt Submission from: (NULL) (65.249.25.3) When adding an object with slapadd or ldapadd, it is possible to create an object which does not have an RDN, and therefore not searchable by RDN. Example data: dn: uid=nouiduser,ou=People,dc=openldap,dc=example,dc=com objectClass: mailAccount maildrop: nouiduser(a)nest.tld mailid: nouiduser(a)nest.tld maildir: nouiduser/ userPassword:: e2NyeXB0fSQxJERCQS5wdmZYJHU0eFp3TndSRDIwSDFkTDBrNmZMRi4= mailquota: 35969216S The above LDIF is added to the directory without any errors and is then missing the uid attribute. ldapsearch will not return any results when filtering on uid, ie: $ ldapsearch -xZZH ldap://server uid=nouiduser - Expected result - return the object. - Actual result - no object returned. - Workaround - use ldapmodify to add the uid attribute. Please see the attached URL for complete event details (add/search/modify).

1 0

(ITS#5555) authzTo ACL check for wrong principal
by andrew.findlay＠skills-1st.co.uk 13 Jun '08

13 Jun '08

Full_Name: Andrew Findlay Version: 2.4.10 OS: Linux: SuSE 10.2 URL: Submission from: (NULL) (88.97.25.132) When using "authz-policy to" I find that the entity that is trying to do an operation on behalf of another entity needs read access to its own authzTo attribute. This seems wrong: authzTo is defining what the user may do: I do not really want them to be able to see it. When doing a proxy authz I think ACLs for this attribute should not be checked at all as the access is effectively being done by the rootdn.

1 0

Re: (ITS#5554) slapd.conf man page missing TLSCipherSuite
by ghenry＠OpenLDAP.org 12 Jun '08

12 Jun '08

<quote who="Howard Chu"> > ghenry(a)OpenLDAP.org wrote: >> Full_Name: Gavin Henry >> Version: HEAD >> OS: >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (212.159.59.85) >> >> >> http://www.openldap.org/software/man.cgi?query=slapd.conf&sektion=5&apropos… >> missing TLSCipherSuite >> >> > No. The Admin Guide is missing the note about GnuTLS under the > TLSCipherSuite > description. The note is present in slapd.conf(5). I don't knwo what I was thinking when I wrote that, but I did mean what you've just wrote. Weird.

1 0

Re: (ITS#5554) slapd.conf man page missing TLSCipherSuite
by hyc＠symas.com 12 Jun '08

12 Jun '08

ghenry(a)OpenLDAP.org wrote: > Full_Name: Gavin Henry > Version: HEAD > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (212.159.59.85) > > > http://www.openldap.org/software/man.cgi?query=slapd.conf&sektion=5&apropos… > missing TLSCipherSuite > > > No. The Admin Guide is missing the note about GnuTLS under the TLSCipherSuite description. The note is present in slapd.conf(5). -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5554) slapd.conf man page missing TLSCipherSuite
by ghenry＠OpenLDAP.org 12 Jun '08

12 Jun '08

Full_Name: Gavin Henry Version: HEAD OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (212.159.59.85) http://www.openldap.org/software/man.cgi?query=slapd.conf&sektion=5&apropos… missing TLSCipherSuite

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs