Full_Name: Mark Seecof Version: 2.3.34 OS: Linux URL: ftp://ftp.openldap.org/incoming/MARK-SEECOF-070313.patch Submission from: (NULL) (151.152.101.44)
When you ask an OpenLDAP tool such as ldapsearch(1) to read a password from a file which is a pipe, FIFO, tty/pty, or other special file, the tool will go into an infinite loop in function lutil_get_filed_password() (from libraries/liblutil/passfile.c).
The problem is a bug in lutil_get_filed_password(): it calls fstat() on the password file, then enters a loop attempting to read st_size bytes from the file until it reaches EOF. For pipes, FIFO's, tty's, etc. st_size is typically 0, so the loop never finishes--you may read 0 bytes from the file an infinite number of times without ever reaching the end! (Actually, fread(,,0,) is a no-op.)
This bug only requires a one-line fix (though I actually propose to change two lines). We simply eliminate the check on st_size and attempt to read a buffer-full of bytes. The existing code cheerfully copes with that many bytes, fewer, or more...
(My second change is to the default buffer size, to make it more efficient.)
SIMPLE LINUX 2.6 TEST CASE
echo -n "password" | ldapsearch -U user -Y Digest-MD5 -y /dev/stdin '(foo=bar)'
GENERIC UNIX/LINUX TEST CASE
mknod pw_fifo p echo -n "password" > pw_fifo & ldapsearch -U user -Y Digest-MD5 -y pw_fifo '(foo=bar)'
Please retrieve my patch from MARK-SEECOF-070313.patch
I, Mark Seecof, hereby place the modifications to OpenLDAP Software I supply in MARK-SEECOF-070313.patch (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.