--On Tuesday, February 03, 2015 12:08:36 AM +0000 Howard Chu hyc@symas.com wrote:
whm@stanford.edu wrote:
Full_Name: Bill MacAllister Version: 2.4.40 OS: Debian Wheezy URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (171.64.19.165)
I have a perl script that uses Net::LDAPapi to report data from our OpenLDAP servers. I have used the script on an off for years. This morning I created a new report this morning that is causing slapd on the servers to core dump. When I do the same query using ldapsearch the query returns normally.
What is the query? The filter code where this occurs hasn't changed in 4 years.
Provide the slapd -d7 output for the query via your script, as well as via ldapsearch.
The system exhibiting this problem was running a beta release of 2.4.40. When I installed from a build of the current stable the problem disappeared. Apologies for the bother, I didn't realize the system had not been updated.
I think that documenting the query would be useful anyway, but I want to hold off on that because I know the problem exists in the build that is in debian backports. I would like to give Ryan a chance to fix it before I publish it. I was able to reproduce the problem with ldapsearch and it is a trival and very effective denial of service attack.
Bill