Full_Name: Mattias Andersson
Version: 2.4.25
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.182.107.220)

I have configured a proxy server using both the relay backend and the translucent overlay:

backend hdb
backend relay

database hdb
directory /var/lib/ldap
suffix "dc=foo,dc=example,dc=com"
rootdn "cn=admin,dc=foo,dc=example,dc=com"
rootpw secret
index objectClass eq

database relay
suffix "dc=example,dc=com"
overlay rwm
rwm-suffixmassage "dc=foo,dc=example,dc=com"
overlay translucent
uri ldap://ldap.example.com

This configuration makes it possible for me to override attributes in the remote LDAP directory and at the same time extend the local directory with new entries. This has been tested and works for authorization in a Linux environment.
If I issue an LDAP search query, as follows,
ldapsearch -x -b dc=chalmers,dc=se -s base "(objectClass=*)" 1.1
it will yield the following debug output:

slapd starting
conn=1000 fd=11 ACCEPT from IP=127.0.0.1:36838 (IP=0.0.0.0:389)
conn=1000 op=0 BIND dn="" method=128
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=1000 op=1 SRCH attr=1.1
conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1000 op=2 UNBIND
conn=1000 fd=11 closed

However, if I query the server using the Softerra LDAP Administrator software (Windows), the slapd daemon crashes with an assertion error:

slapd starting
conn=1000 fd=11 ACCEPT from IP=11.22.33.44:54752 (IP=0.0.0.0:389)
conn=1000 op=0 BIND dn="" method=128
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=1000 op=1 SRCH attr=1.1
conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
slapd: /build/buildd/openldap-2.4.25/servers/slapd/attr.c:236: attr_dup2: Assertion `j < i' failed.
Aborted

This is a security vulnerability, since it would be enough to send an LDAP query to take down the server.
Mattias