New subject: [Issue 10211] uid or gid >= 2^31 can crash slapd when performing peercred auth

2 May 2024


      https://bugs.openldap.org/show_bug.cgi?id=10211
Issue ID: 10211
           Summary: uid or gid >= 2^31 can crash slapd when performing
                    peercred auth
           Product: OpenLDAP
           Version: 2.6.7
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: nick@portercomputing.co.uk
  Target Milestone: ---
Created attachment 1018
  --> https://bugs.openldap.org/attachment.cgi?id=1018&action=edit
Patch to resolve issue
If a user with uid or gid >= 2^31 performs peercred authentication, slapd can
crash due to incorrect formatting of uid and gid when producing the authid
string.
uid and gid are unsigned int values, but are currently cast to int and printed
with %d.  This results in values >= 2^31 being printed as negatives, which is
wrong, and for some values that will result in a string longer than the space
which has been allocated due to the addition of the leading '-'.
The issue can be reproduced by attempting a peercred auth from a user with uid
and gid 2649996510 - which will currently be printed as -1644970786.
Attached is a patch which rectifies this.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10211] New: uid or gid >= 2^31 can crash slapd when performing peercred auth