FOUND THE ISSUE! So - in GDB, while paused in the "{mM}" processing that
ber_scanf does (called from ldap_get_attribute_ber), I kept seeing the
variable arguments list not properly setting off --- and sure enough,
digging in memory, on the stack was 0x100000000 ... which was the cause of
the eventual segfault.

Well, backtracking to the ber_scanf call itself, I see a zero 0 which isn't
cast to the ber_len_t type, and as such, will only occupy 4 bytes as a
sizeof int - instead of (on my system) 8, for sizeof (ber_len_t). So -
the solution was just to cast the argument, so that the cookie.off =
va_arg( ap, ber_len_t ); will unpack only bytes we've intentionally sent it
-- not garbage left over.

So - the change suggested is:

diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c
index 31784d765..0300ea574 100644
--- a/libraries/libldap/getattr.c
+++ b/libraries/libldap/getattr.c
@@ -147,7 +147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry,
BerElement *ber,
/* skip sequence, snarf attribute type */
tag =3D ber_scanf( ber, vals ? "{mM}" : "{mx}", attr,
vals,
- &siz, 0 );
+ &siz, (ber_len_t)0 );
if( tag =3D=3D LBER_ERROR ) {
rc =3D ld->ld_errno =3D LDAP_DECODING_ERROR;
}
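
Review bot: The cast on the changed line "&siz, (ber_len_t)0 );" has no comment saying why it is needed, so a later cleanup could drop it as redundant. Add a short comment above the ber_scanf call noting that the last argument is fetched as a ber_len_t by the variadic callee, and that a bare 0 is passed as an int, which is narrower wherever ber_len_t is 8 bytes. The declaration of siz is outside this hunk; confirm it is a ber_len_t too, since its address goes through the same variadic call, and check the other ber_scanf callers that use the M format for uncast literal offsets.
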
I hope you can take this haphazard issue submit, and do whatever is right
with it - to get this patch considered. Thanks!
On Fri, Feb 21, 2020 at 1:06 PM Lexi Haley <lhaley(a)meditech.com> wrote:
continuing notes - as I am quite accustomed to working with the data
structures and processes for LDAP - my hacky fudge was just that - and also
useless. By bailing out at that point, ldapsearch doesn't list the
tag=value results. I am continuing to dig around ...
Lexi
On Thu, Feb 20, 2020 at 3:09 PM <openldap-its(a)openldap.org> wrote:
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
> Thanks for your report to the OpenLDAP Issue Tracking System. Your
> report has been assigned the tracking number ITS#9175.
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers. They only work on OpenLDAP when they have spare
> time.
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message. Note that
> any mail sent to openldap-its(a)openldap.org with (ITS#9175)
> in the subject will automatically be attached to the issue report.
>
>     mailto:openldap-its@openldap.org?subject=(ITS#9175)
> You may follow the progress of this report by loading the following
> URL in a web browser:
>
>     http://www.OpenLDAP.org/its/index.cgi?findid=9175
> Please remember to retain your issue tracking number (ITS#9175)
> on any further messages you send to us regarding this report. If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
> OpenLDAP Software is user supported.
>
>     http://www.OpenLDAP.org/support/
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
--
Lexi Haley (she/her/hers)
Computer Scientist, System Tools, Advanced Technology Division
Medical Information Technology, Inc.
Office: 781-774-5156 | Mobile: 508-713-2499
lhaley(a)meditech.com
MEDITECH Circle, Westwood, MA 02090
Main: 781-821-3000 | Fax: 781-821-2199
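
The width mismatch described in the message above, as an added example that is not part of the original message or of OpenLDAP's code. The names len_t, slot_after_int_store, scan_offset and scan_offset_typed are hypothetical stand-ins (len_t assumes an 8-byte ber_len_t), and the slot model uses arithmetic rather than performing the undefined read itself.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t len_t;   /* stand-in for an 8-byte ber_len_t (assumption) */

/* Model of one 8-byte argument slot: the caller stores a 4-byte int in the
 * low half and the upper half keeps whatever was there before. */
static len_t slot_after_int_store(len_t stale_slot, int value)
{
    return (stale_slot & 0xFFFFFFFF00000000ULL) | (uint32_t)value;
}

/* Hypothetical miniature scanner: 'M' consumes a size pointer and then an
 * offset of type len_t, like cookie.off = va_arg( ap, ber_len_t ). */
static len_t scan_offset(const char *fmt, ...)
{
    va_list ap;
    len_t off = 0;

    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        if (*fmt == 'M') {
            len_t *siz = va_arg(ap, len_t *);
            off = va_arg(ap, len_t);      /* reads sizeof(len_t) bytes */
            *siz = sizeof(len_t);
        }
    }
    va_end(ap);
    return off;
}

/* Prototyped wrapper: with a declared parameter type the compiler converts
 * a plain 0 to len_t, so callers cannot pass the wrong width. */
static len_t scan_offset_typed(len_t *siz, len_t off)
{
    return scan_offset("{M}", siz, off);
}

int main(void)
{
    len_t siz = 0;
    /* Constructed stale slot value: upper half holds 1 from an earlier use. */
    printf("mismatched read: 0x%llx\n",
           (unsigned long long)slot_after_int_store(0x1FFFFFFFFULL, 0));
    printf("cast at call:    0x%llx\n",
           (unsigned long long)scan_offset("{M}", &siz, (len_t)0));
    printf("typed wrapper:   0x%llx\n",
           (unsigned long long)scan_offset_typed(&siz, 0));
    return 0;
}
```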