Thanks for the report, suggested fix has been applied.
Regards, Quanah
--On Friday, February 21, 2020 8:38 PM +0000 lhaley@meditech.com wrote:
footnote: In my first followup, I intended to write "as I am quite UNaccustomed to working with the data" Cheers
On Fri, Feb 21, 2020 at 3:27 PM Lexi Haley lhaley@meditech.com wrote:
FOUND THE ISSUE! So - in GDB, while paused in the "{mM}" processing that ber_scanf does (called from ldap_get_attribute_ber), I kept seeing the variable arguments list not properly setting off --- and sure enough, digging in memory, on the stack was 0x100000000 ... which was the cause of the eventual segfault.
Well, backtracking to the ber_scanf call itself, I see a zero 0 which isn't cast to the ber_len_t type, and as such, will only occupy 4 bytes as a sizeof int - instead of (( on my system 8, for sizeof (ber_len_t). So the solution was just to cast the argument. So that the cookie.off = va_arg( ap, ber_len_t ); will unpack only bytes we've intentionally sent it -- not garbage left over.
So - the change suggested is:
diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c index 31784d765..0300ea574 100644 --- a/libraries/libldap/getattr.c +++ b/libraries/libldap/getattr.c @@ -147,7 +147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement *ber,
/* skip sequence, snarf attribute type */ tag =3D ber_scanf( ber, vals ? "{mM}" : "{mx}", attr, val=
s,
&siz, 0 );
&siz, (ber_len_t)0 ); if( tag =3D=3D LBER_ERROR ) { rc =3D ld->ld_errno =3D LDAP_DECODING_ERROR; }
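Review bot: the cast on the last argument, "&siz, (ber_len_t)0 );", has no comment saying why it is needed, so a later cleanup could drop it as redundant. A one-line comment at the call noting that the "M" conversion reads this argument with va_arg( ap, ber_len_t ) would protect it. Because the compiler cannot type-check variadic arguments, any other ber_scanf call that uses "M" should be checked for the same uncast literal.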
I hope you can take this haphazard issue submit, and do whatever is right with it - to get this patch considered. Thanks!
On Fri, Feb 21, 2020 at 1:06 PM Lexi Haley lhaley@meditech.com wrote:
continuing notes - as I am quite accustomed to working with the data structures and processes for LDAP - my hacky fudge was just that - and also useless. By bailing out at that point, ldapsearch doesn't list the tag=value results. I am continuing to dig around ...
Lexi
On Thu, Feb 20, 2020 at 3:09 PM openldap-its@openldap.org wrote:
*** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
Thanks for your report to the OpenLDAP Issue Tracking System. Your report has been assigned the tracking number ITS#9175.
One of our support engineers will look at your report in due course. Note that this may take some time because our support engineers are volunteers. They only work on OpenLDAP when they have spare time.
If you need to provide additional information in regards to your issue report, you may do so by replying to this message. Note that any mail sent to openldap-its@openldap.org with (ITS#9175) in the subject will automatically be attached to the issue report.
mailto:openldap-its@openldap.org?subject=(ITS#9175)
You may follow the progress of this report by loading the following URL in a web browser: http://www.OpenLDAP.org/its/index.cgi?findid=9175
Please remember to retain your issue tracking number (ITS#9175) on any further messages you send to us regarding this report. If you don't then you'll just waste our time and yours because we won't be able to properly track the report.
Please note that the Issue Tracking System is not intended to be used to seek help in the proper use of OpenLDAP Software. Such requests will be closed.
OpenLDAP Software is user supported. http://www.OpenLDAP.org/support/
Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
--
Lexi Haley (she/her/hers)
Computer Scientist, System Tools, Advanced Technology Division
Medical Information Technology, Inc.
Office: 781-774-5156 | Mobile: 508-713-2499
lhaley@meditech.com
MEDITECH Circle, Westwood, MA 02090
Main: 781-821-3000 | Fax: 781-821-2199
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
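
The width mismatch described in this thread, as an added example that is not code from the thread or from OpenLDAP. It models one 8-byte argument slot with a byte buffer (actually passing an int where va_arg reads a wider type is undefined behaviour), then shows the matched call and a prototyped wrapper that forces the conversion. The names len_t, STALE_SLOT, store_zero, read_slot_as_len, scan_offset and scan_offset_typed are hypothetical, and the stale value is constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for ber_len_t (assumption): 8 bytes, as on the reporter's system. */
typedef uint64_t len_t;

/* Constructed stale contents of an 8-byte argument slot before the call. */
#define STALE_SLOT UINT64_C(0x0000000100000001)

/* Caller side of the model: store 0 into the slot either as a plain int
 * (only sizeof(int) bytes written) or as a len_t (whole slot written). */
static void store_zero(unsigned char slot[sizeof(len_t)], int cast_to_len_t)
{
    if (cast_to_len_t) {
        len_t v = 0;
        memcpy(slot, &v, sizeof v);
    } else {
        int v = 0;
        memcpy(slot, &v, sizeof v);   /* remaining bytes keep stale data */
    }
}

/* Callee side of the model: va_arg(ap, len_t) reads the full slot width. */
static len_t read_slot_as_len(int cast_to_len_t)
{
    unsigned char slot[sizeof(len_t)];
    len_t stale = STALE_SLOT, off;

    memcpy(slot, &stale, sizeof stale);
    store_zero(slot, cast_to_len_t);
    memcpy(&off, slot, sizeof off);
    return off;
}

/* A real variadic reader, called correctly: argument type matches va_arg. */
static len_t scan_offset(const char *fmt, ...)
{
    va_list ap;
    len_t off;

    va_start(ap, fmt);
    off = va_arg(ap, len_t);
    va_end(ap);
    (void)fmt;
    return off;
}

/* Prototyped wrapper: a bare 0 is converted to len_t by the parameter type,
 * so callers cannot reintroduce the width mismatch. */
static len_t scan_offset_typed(len_t off)
{
    return scan_offset("M", off);
}
```

On a little-endian machine with a 4-byte int, read_slot_as_len(0) yields 0x100000000, the same value the reporter found on the stack.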