https://bugs.openldap.org/show_bug.cgi?id=9607
Issue ID: 9607
Summary: ldapsearch nettimeout option is not respected
Product: OpenLDAP
Version: 2.5.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: client tools
Assignee: bugs@openldap.org
Reporter: simon.pichugin@gmail.com
Target Milestone: ---
Description of problem:
ldapsearch doesn't respect the nettimeout option and hangs forever if the server is not accessible (for example, when packets are dropped by iptables).

Version-Release number of selected component (if applicable):
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.5.5 (Jul 9 2021 07:02:36) $
Checking with openssl-1.1.1k

Additionally:
The issue is also present in older versions.
Also, the issue still exists with openssl-3.0.0-0.alpha16
How reproducible: always
Steps to Reproduce:
1. iptables -A INPUT -p tcp --sport 636 -m tcp --tcp-flags PSH PSH -j DROP
2. ldapsearch -o nettimeout=3 -H ldaps://192.168.0.1 -b dc=example,dc=com -x -s base
Actual results: ldapsearch hangs
Expected results: ldapsearch should return error: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Additional info:
ldap_url_parse_ext(ldaps://192.168.0.1)
ldap_create
ldap_url_parse_ext(ldaps://192.168.0.1:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.0.1:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.1:636
ldap_pvt_connect: fd: 3 tm: 3 async: 0
ldap_ndelay_on: 3
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 3 tm: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_pvt_connect: 0
TLS trace: SSL_connect:before SSL initialization
tls_write: want=285, written=285
  0000:  16 03 01 01 18 01 00 01  14 03 03 d9 3e 1d 7f d5   ............>...
  0010:  d9 4d 52 b5 3f 49 33 f5  b2 4b 2c 1a 24 0b 3f d6   .MR.?I3..K,.$.?.
  ...
  ...
  0100:  e1 be fe 47 48 5c 93 91  6b eb fd 36 94 fd 64 7b   ...GH..k..6..d{
  0110:  84 80 7a 25 c5 c5 a4 9b  d2 53 28 62 25            ..z%.....S(b%
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
...

Repeats the following lines eternally:
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
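
In the trace above the TCP connect is polled with tm: 3 and succeeds, after which tls_read repeats on "Resource temporarily unavailable" with no bound. The following is an added illustration in Python, not code from the report or from OpenLDAP, of a non-blocking TLS handshake in which one deadline covers both phases; silent_listener and tls_handshake_with_deadline are hypothetical names, and the listener is a constructed stand-in for a server whose replies are dropped.

```python
import select
import socket
import ssl
import time


def silent_listener():
    """Constructed stand-in for the filtered server: the kernel completes the
    TCP handshake from the listen backlog, but no TLS reply is ever sent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def tls_handshake_with_deadline(host, port, timeout):
    """Return "ok" or "timeout"; a failed TCP connect raises OSError.
    One deadline covers the TCP connect AND the TLS handshake, so a peer
    that goes quiet after the ClientHello cannot hang the caller."""
    deadline = time.monotonic() + timeout
    ctx = ssl.create_default_context()  # certificate verification stays on
    raw = socket.create_connection((host, port), timeout=timeout)
    raw.setblocking(False)
    tls = ctx.wrap_socket(raw, server_hostname=host, do_handshake_on_connect=False)
    try:
        while True:
            try:
                tls.do_handshake()
                return "ok"
            except ssl.SSLWantReadError:
                readers, writers = [tls], []
            except ssl.SSLWantWriteError:
                readers, writers = [], [tls]
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return "timeout"
            # Sleep until the socket is ready or the deadline passes, rather
            # than retrying the read immediately and without limit.
            select.select(readers, writers, [], remaining)
    finally:
        tls.close()


if __name__ == "__main__":
    srv = silent_listener()
    print(tls_handshake_with_deadline("127.0.0.1", srv.getsockname()[1], 3.0))
    srv.close()
```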