openldap-bugs

openldap-bugs@openldap.org

1 participants
20962 discussions

Re: (ITS#8198) pw-pbkdf2: optionally use libnettle for crypto
by ryan＠nardis.ca 23 Aug '15

23 Aug '15

On Mon, Jul 13, 2015 at 08:44:49PM +0000, luca.bruno(a)rocket-internet.de wrote: >This is a followup to ITS#7977. >Here below are two patches against the pw-pbkdf2 contrib module to: > 1) fix an always-true check > 2) optionally make use of libnettle These are in git master now, along with the #else->#elif fixup. Thank you for the contribution!

1 0

Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
by subbarao＠computer.org 20 Aug '15

20 Aug '15

1 0

Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
by subbarao＠computer.org 20 Aug '15

20 Aug '15

On 08/14/2015 10:25 AM, Howard Chu wrote: > I've added a pwdMaxRecordedFailure attribute to the policy schema. > Overloading pwdMaxFailure would be a mistake. > > MaxRecordedFailure will default to MaxFailure if that is set. It > defaults to 5 if nothing is set. There's no good reason to allow the > timestamps to accumulate without bound. > > This is now available for testing in git master. Howard, I just saw this message from you today, when I happened to be looking through my gmail spam folder -- no idea why it ended up there! On Friday, I only saw your subsequent message and responded to it without knowing that you had already implemented this enhancement. So I didn't fully understand the context in which you had written that message. Thanks very much for implementing this enhancement! I will check out the code. Regards, -Kartik

1 0

Re: (ITS#8173)
by hyc＠symas.com 20 Aug '15

20 Aug '15

Adrian.Raemy(a)vtg.admin.ch wrote: > Dear Howard, > > The fix runs stable now over weeks.=20 > slapd didn't crashed anymore. Thank you for the help. > > I guess we can close the ticket. Thanks for the followup. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8218) segfault on sasl auth with malformed URI in config
by hyc＠symas.com 20 Aug '15

20 Aug '15

best(a)univention.de wrote: > Full_Name: > Version: 2.4.40-1 > OS: debian / UCS 4.1 amd64 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.198.197.8) > > > A malformed URI in the sasl-regexp directive of slapd.conf caused a segfault of > slapd. > > """ > sasl-regexp > uid=(.*),cn=saml,cn=auth > ldap:///0.0.0.0:7389,389/"dc=dev,dc=local"??sub?uid=$1 > """ > The URI starts with 3 slashes after the scheme instead of 2 slashes. > > When doing authentication via SASL /usr/sbin/slapd segfaults. Thanks for the report, fixed in git master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8046) query caused slapd to stop
by hyc＠symas.com 20 Aug '15

20 Aug '15

Howard Chu wrote: > Ryan Tandy wrote: >> Hi again, >> >> 9d9913392a0346e23f07e65d7d0964c84e2c1277 is the first bad commit >> commit 9d9913392a0346e23f07e65d7d0964c84e2c1277 >> Author: Howard Chu <hyc(a)openldap.org> >> Date: Thu Sep 18 02:06:38 2014 +0100 >> >> ITS#7942 plug leak in controls >> >> Reverting 8bdd54c and 9d99133 fixes the crash. >> >> I suppose it should probably get a CVE, and so on... >> > git history shows vrFilter_free has been broken ever since Kurt wrote it in > 2002. Which pretty much means it was never getting called until #7942 plugged > that memory leak. > For future reference, this was registered as CVE-2015-1546 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8027) ldapsearch -E deref=member: crashes slapd
by hyc＠symas.com 20 Aug '15

20 Aug '15

Howard Chu wrote: > ryan(a)nardis.ca wrote: >> Full_Name: Ryan Tandy >> Version: master (7df548d), RE24 (2b14bbc) >> OS: Debian unstable >> URL: >> Submission from: (NULL) (142.32.208.227) >> >> >> If you use the deref control but leave the list of requested attributes empty, >> slapd crashes. >> >> ldapsearch [...] -E deref=member: > >> The ldapsearch manpage implies this probably isn't valid, but it still accepted >> it. (FWIW, I tried it just to see whether it would return all attributes or >> none.) I couldn't tell from draft-ldap-deref-00 whether an empty attr list is >> considered a valid request. >> > Patched in master to reject a request with an empty attr list. > For future reference, this was registered as CVE-2015-1545. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8114) [WIP] WiredTiger Backend for OpenLDAP
by hyc＠symas.com 19 Aug '15

19 Aug '15

hamano(a)osstech.co.jp wrote: > Full_Name: HAMANO Tsukasa > Version: master > OS: Linux > URL: https://www.osstech.co.jp/download/hamano/openldap/0001-OpenLDAP-WiredTiger… > Submission from: (NULL) (183.77.250.155) > > > The attached patch file is derived from OpenLDAP Software. All of the > modifications to OpenLDAP Software represented in the following > patch(es) were developed by HAMANO Tsukasa <hamano(a)osstech.co.jp>. I > have not assigned rights and/or interest in this work to any party. > > Copyright 2015 HAMANO Tsukasa <hamano(a)osstech.co.jp> > Redistribution and use in source and binary forms, with or without > modification, are permitted only as authorized by the OpenLDAP Public > License. I've merged patches 0001-0004 and added this to git master. Thanks for the contribution. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8069) MDb library patch: Use explicit Windows API functions for char* strings
by hyc＠symas.com 19 Aug '15

19 Aug '15

pmedvedev(a)gmail.com wrote: > Full_Name: Pavel Medvedev > Version: > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (217.25.225.40) > > > Most Windows API functions such as CreateFile(), CreateMutex(), > OpenMutex() that accept string arguments, are defined with suffix W or A > for appropriate wchar_t* or char* strings, depending of _UNICODE > preprocessor define. Calling explicit functions with A suffix would eliminate > compile errors when _UNICODE is defined. Thanks, committed to mdb.master. > > As a further enhancement, I think path argument encoding should be documented > (probably UTF-8?) for such functions as mdb_env_open(), mdb_env_copy(), > mdb_env_copy2(), and mdb_env_get_path(). This prevent possible problems with > non-latin characters in path names on Windows. > > In this case, LMDB implementation on Windows should perform path > conversion to UTF-16 and explicit call to CreateFileW() in mdb_env_open() > and mdb_env_copy2() functions. We've been discussing this change on and off for a while. That sounds like the correct approach; patches welcome. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8068) MDB library patch: Using IsWindowsVersionOrGreater() instead of obsolete GetVersion()
by hyc＠symas.com 19 Aug '15

19 Aug '15

pmedvedev(a)gmail.com wrote: > Full_Name: Pavel Medvedev > Version: > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (217.25.225.40) I'm unable to compile with this patch. The API appears to be missing from older versions of the Windows SDK. MSDN says it's from the Windows 8.1 SDK. Closing this ITS. > > > --- > libraries/liblmdb/mdb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c > index 65293f4..a54ce83 100644 > --- a/libraries/liblmdb/mdb.c > +++ b/libraries/liblmdb/mdb.c > @@ -239,6 +239,7 @@ union semun { > #endif > > #ifdef _WIN32 > +#include <VersionHelpers.h> > #define MDB_USE_HASH 1 > #define MDB_PIDLOCK 0 > #define THREAD_RET DWORD > @@ -3998,8 +3999,7 @@ mdb_env_open2(MDB_env *env) > > #ifdef _WIN32 > /* See if we should use QueryLimited */ > - rc = GetVersion(); > - if ((rc & 0xff) > 5) > + if (IsWindowsVersionOrGreater(6, 0, 0)) > env->me_pidquery = MDB_PROCESS_QUERY_LIMITED_INFORMATION; > else > env->me_pidquery = PROCESS_QUERY_INFORMATION; > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs