12:38 p.m.
--0000000000003b4d37059f1c0189
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
footnote: In my first followup, I intended to write "as I am quite
UNaccustomed to working with the data"
Cheers
On Fri, Feb 21, 2020 at 3:27 PM Lexi Haley <lhaley(a)meditech.com> wrote:
Subscribe=20
<https://info.meditech.com/get-great-meditech-content?hsCtaTracking=3D86429=
9ec-5abf-4004-9c6d-2d051794101f%7Cc911be42-538a-4a48-8dca-a6d4001c6326>=20
to receive emails from MEDITECH or to change email preferences.
--0000000000003b4d37059f1c0189
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">footnote:=C2=A0 In my first followup, I intended to
write=
=C2=A0 "<span style=3D"color:rgb(0,0,0)">as I am quite
UNaccustomed to=
working with the
data"</span><div>Cheers</div></div><br><div
class=3D=
"gmail_quote"><div dir=3D"ltr"
class=3D"gmail_attr">On Fri, Feb 21, 2020 at=
3:27 PM Lexi Haley <<a
href=3D"mailto:lhaley@meditech.com">lhaley@medit=
ech.com</a>> wrote:<br></div><blockquote
class=3D"gmail_quote" style=3D"=
margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-lef=
t:1ex"><div dir=3D"ltr">FOUND THE ISSUE!=C2=A0 So - in GDB , while
paused i=
n the "{mM}" processing that ber_scanf does (called from=C2=A0lda=
p_get_attribute_ber), I kept seeing the variable arguments list not properl=
y setting off --- and sure enough, digging in memory, on the stack was 0x10=
0000000 ...=C2=A0 which was the cause of the eventual
segfault.<div><br></d=
iv><div>Well, backtracking to the ber_scanf call itself, I see a zero 0 whi=
ch isn't cast to the ber_len_t type, and as such, will only occupy 4 by=
tes as a sizeof=C2=A0int - instead of (( on my system 8, for sizeof (ber_le=
n_t).=C2=A0 So - the solution was just=C2=A0to cast the argument.=C2=A0 So =
that the=C2=A0cookie.off =3D va_arg( ap, ber_len_t ); will unpack only byte=
s we've intentionally sent it -- not garbage left
over.</div><div><br><=
/div><div>So - the change suggested
is:</div><div><br></div><div><br></div>=
<div><font face=3D"monospace">diff --git
a/libraries/libldap/getattr.c b/li=
braries/libldap/getattr.c<br>index 31784d765..0300ea574 100644<br>--- a/lib=
raries/libldap/getattr.c<br>+++ b/libraries/libldap/getattr.c<br>@@ -147,7 =
+147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement =
*ber,<br><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /* ski=
p sequence, snarf attribute type */<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 tag =3D ber_scanf( ber, vals ? "{mM}" : &quo=
t;{mx}", attr, vals,<br>- =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 &siz, 0 );<br>+ =C2=A0 =C2=A0 =C2=A0=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 &siz, (ber_len=
_t)0 );<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if( tag =
=3D=3D LBER_ERROR ) {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 rc =3D ld->ld_errno =3D LDAP_DECODING=
_ERROR;<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }</font>=
<br></div><div><br></div><div><br></div><div>I
hope you can take this hapha=
zard issue submit, and do whatever is right with it - to get this patch con=
sidered.=C2=A0
Thanks!</div><div><br></div><div><br></div></div><br><div
cl=
ass=3D"gmail_quote"><div dir=3D"ltr"
class=3D"gmail_attr">On Fri, Feb 21, 2=
020 at 1:06 PM Lexi Haley <<a href=3D"mailto:lhaley@meditech.com"
target=
=3D"_blank">lhaley(a)meditech.com</a>&gt;
wrote:<br></div><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid
rg=
b(204,204,204);padding-left:1ex"><div dir=3D"ltr">continuing notes
- as I a=
m quite accustomed to working with the data structures and processes for LD=
AP - my hacky fudge was just that - and also useless.=C2=A0 By bailing out =
at that point, ldapsearch doesn't list the tag=3Dvalue results.=C2=A0 I=
am continuing to dig around
...<div><br></div><div>Lexi</div></div><br><di=
v class=3D"gmail_quote"><div dir=3D"ltr"
class=3D"gmail_attr">On Thu, Feb 2=
0, 2020 at 3:09 PM <<a href=3D"mailto:openldap-its@openldap.org"
target=
=3D"_blank">openldap-its(a)openldap.org</a>&gt;
wrote:<br></div><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px
soli=
d rgb(204,204,204);padding-left:1ex"><br *** THIS
IS AN AUTOMATICALLY GENERATED REPLY ***<br
<br Thanks for your report to the
OpenLDAP Issue Tracking System.=C2=A0 Your<br=
report has been assigned the tracking number
ITS#9175.<br <br One of
our support engineers will look at your report in due course.<br Note that this may take some time because our support
engineers<br are volunteers.=C2=A0 They only work
on OpenLDAP when they have spare<br
time.<br <br If you
need to provide additional information in regards to your<br issue report, you may do so by replying to this message.=C2=A0
Note that<br=
any mail sent to <a
href=3D"mailto:openldap-its@openldap.org" target=3D"_bl=
ank">openldap-its(a)openldap.org</a> with (ITS#9175)<br in the subject will automatically be attached to the issue
report.<br <br =C2=A0
=C2=A0 =C2=A0 =C2=A0 mailto:<a href=3D"mailto:openldap-its@openldap.=
org"
target=3D"_blank">openldap-its(a)openldap.org</a>?subject=3D(ITS#9175)<b=
r <br You may follow the progress of this
report by loading the following<br URL in a
web browser:<br =C2=A0 =C2=A0 <a
href=3D"http://www.OpenLDAP.org/its/index.cgi?findid=3D917=
5" rel=3D"noreferrer"
target=3D"_blank">http://www.OpenLDAP.org/its/index.c=
gi?findid=3D9175</a><br <br Please
remember to retain your issue tracking number (ITS#9175)<br on any further messages you send to us regarding this
report.=C2=A0 If<br you don't then
you'll just waste our time and yours because we<br
won't be able to properly track the report.<br <br Please note that the Issue Tracking
System is not intended to<br be used to seek help in the proper
use of OpenLDAP Software.<br Such requests will be
closed.<br <br OpenLDAP
Software is user supported.<br =C2=A0 =C2=A0 =C2=A0 =C2=A0 <a
href=3D"http://www.OpenLDAP.org/support/" re=
l=3D"noreferrer"
target=3D"_blank">http://www.OpenLDAP.org/support/</a>... <br --------------<br Copyright 1998-2007 The OpenLDAP Foundation, All Rights
Reserved.<br <br
</blockquote></div><br
clear=3D"all"><div><br></div>-- <br><div
dir=3D"ltr"=
</blockquote></div><br
clear=3D"all"><div><br></div>-- <br><div
dir=3D"ltr"=
</blockquote></div><br
clear=3D"all"><div><br></div>-- <br><div
dir=3D"ltr"=
class=3D"gmail_signature"><div
dir=3D"ltr"><div><div dir=3D"ltr"><div><div=
dir=3D"ltr"><p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-height:1.38;ma=
rgin-top:0pt;margin-bottom:0pt"><span
style=3D"font-size:13pt;font-family:V=
erdana;color:rgb(0,0,0);font-weight:700;vertical-align:baseline;white-space=
:pre-wrap">Lexi Haley </span><span
style=3D"color:rgb(102,102,102);font-fam=
ily:Verdana;font-size:13.3333px;white-space:pre-wrap">(she/her/hers)</span>=
</p><p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:=
0pt;margin-bottom:0pt"><span
style=3D"font-size:10pt;font-family:Verdana;co=
lor:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">Computer=
Scientist, System Tools, Advanced Technology Division</span></p><p
dir=3D"=
ltr" style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bot=
tom:0pt"><span
style=3D"font-size:10pt;font-family:Verdana;color:rgb(102,10=
2,102);vertical-align:baseline;white-space:pre-wrap">Medical Information Te=
chnology, Inc.</span></p><p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-he=
ight:1.38;margin-top:0pt;margin-bottom:0pt"><span
style=3D"font-size:10pt;f=
ont-family:Verdana;color:rgb(102,102,102);vertical-align:baseline;white-spa=
ce:pre-wrap">Office: 781-774-5156 | Mobile:
508-713-2499</span></p><p style=
=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
font face=3D"Verdana"><span
style=3D"font-size:13.3333px;white-space:pre-wr=
ap"><a href=3D"mailto:lhaley@meditech.com"
target=3D"_blank">lhaley@meditec=
h.com</a></span></font></p><p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-=
height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style=3D"font-size:10pt=
;font-family:Verdana;color:rgb(102,102,102);vertical-align:baseline;white-s=
pace:pre-wrap">MEDITECH Circle, Westwood, MA 02090</span></p><p
dir=3D"ltr"=
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bottom:=
0pt"><span
style=3D"font-size:10pt;font-family:Verdana;color:rgb(102,102,10=
2);vertical-align:baseline;white-space:pre-wrap">Main: 781-821-3000 | Fax: =
781-821-2199</span></p></div></div></div></div></div></div
<br <a href=3D"https://ehr.meditech.com/expanse"
target=3D"_blank"><img src=3D"=
https://home.meditech.com/en/d/home/images/meditechemailsignaturelogo2018ex=
panse.jpg"></a><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 <a
href=3D"ht=
tps://www.linkedin.com/company/meditech" target=3D"_blank"><img
src=3D"http=
s://home.meditech.com/en/d/home/images/emailsignaturelinkedin20pixels.gif... =
style=3D"font-size:1.3em"></a><span
style=3D"font-size:1.3em">=C2=A0 </span=
--0000000000003b4d37059f1c0189--
FOUND THE ISSUE! So - in GDB , while paused in the "{mM}"
processing tha=
t
ber_scanf does (called from ldap_get_attribute_ber), I kept seeing
the
variable arguments list not properly setting off --- and sure enough,
digging in memory, on the stack was 0x100000000 ... which was the cause =
of
the eventual segfault.
Well, backtracking to the ber_scanf call itself, I see a zero 0 which
isn't cast to the ber_len_t type, and as such, will only occupy 4 bytes a=
s
a sizeof int - instead of (( on my system 8, for sizeof (ber_len_t).
So =
-
the solution was just to cast the argument. So that the cookie.off
=3D
va_arg( ap, ber_len_t ); will unpack only bytes we've intentionally sent =
it
-- not garbage left over.
So - the change suggested is:
diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c
index 31784d765..0300ea574 100644
--- a/libraries/libldap/getattr.c
+++ b/libraries/libldap/getattr.c
@@ -147,7 +147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry,
BerElement *ber,
/* skip sequence, snarf attribute type */
tag =3D ber_scanf( ber, vals ? "{mM}" : "{mx}", attr,
val=
s,
- &siz, 0 );
+ &siz, (ber_len_t)0 );
if( tag =3D=3D LBER_ERROR ) {
rc =3D ld->ld_errno =3D LDAP_DECODING_ERROR;
}
I hope you can take this haphazard issue submit, and do whatever is right
with it - to get this patch considered. Thanks!
On Fri, Feb 21, 2020 at 1:06 PM Lexi Haley <lhaley(a)meditech.com> wrote:
> continuing notes - as I am quite accustomed to working with the data
> structures and processes for LDAP - my hacky fudge was just that - and a=
lso
> useless. By bailing out at that point, ldapsearch doesn't
list the
> tag=3Dvalue results. I am continuing to dig around ...
> Lexi
> On Thu, Feb 20, 2020 at 3:09 PM
<openldap-its(a)openldap.org> wrote:
> >> *** THIS IS AN
AUTOMATICALLY GENERATED REPLY ***
> >> Thanks for your report to the OpenLDAP Issue Tracking
System. Your
>> report has been assigned the tracking number ITS#9175.
> >> One of our support engineers will look at your report
in due course.
>> Note that this may take some time because our support engineers
>> are volunteers. They only work on OpenLDAP when they have spare
>> time.
> >> If you need to provide additional information in
regards to your
>> issue report, you may do so by replying to this message. Note that
>> any mail sent to openldap-its(a)openldap.org with (ITS#9175)
>> in the subject will automatically be attached to the issue report.
> >>
mailto:openldap-its@openldap.org?subject=3D(ITS#9175)
> >> You may follow the progress of this report by loading
the following
>> URL in a web browser:
>> http://www.OpenLDAP.org/its/index.cgi?findid=3D9175
> >> Please remember to retain your issue tracking number
(ITS#9175)
>> on any further messages you send to us regarding this report. If
>> you don't then you'll just waste our time and yours because we
>> won't be able to properly track the report.
> >> Please note that the Issue Tracking System is not
intended to
>> be used to seek help in the proper use of OpenLDAP Software.
>> Such requests will be closed.
> >> OpenLDAP Software is user supported.
>> http://www.OpenLDAP.org/support/
> >> --------------
>> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
> > > --
> Lexi Haley (she/her/hers)
> Computer Scientist, System Tools, Advanced Technology
Division
> Medical Information Technology, Inc.
> Office: 781-774-5156 | Mobile: 508-713-2499
> lhaley(a)meditech.com
> MEDITECH Circle, Westwood, MA 02090
> Main: 781-821-3000 | Fax: 781-821-2199
--
Lexi Haley (she/her/hers)
Computer Scientist, System Tools, Advanced Technology Division
Medical Information Technology, Inc.
Office: 781-774-5156 | Mobile: 508-713-2499
lhaley(a)meditech.com
MEDITECH Circle, Westwood, MA 02090
Main: 781-821-3000 | Fax: 781-821-2199
--=20
Lexi Haley (she/her/hers)
Computer Scientist, System Tools, Advanced Technology Division
Medical Information Technology, Inc.
Office: 781-774-5156 | Mobile: 508-713-2499
lhaley(a)meditech.com
MEDITECH Circle, Westwood, MA 02090
Main: 781-821-3000 | Fax: 781-821-2199
--=20
<https://ehr.meditech.com/expanse>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =20
<https://www.linkedin.com/company/meditech>=C2=A0 =20
<https://twitter.com/MEDITECH>=C2=A0=C2=A0 <https://www.facebook.com/Medite=
chEHR<div dir=3D"ltr"><div><div
dir=3D"ltr"><div><div dir=3D"ltr"><p
dir=3D"ltr=
"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bottom=
:0pt"><span
style=3D"font-size:13pt;font-family:Verdana;color:rgb(0,0,0);fo=
nt-weight:700;vertical-align:baseline;white-space:pre-wrap">Lexi Haley </sp=
an><span style=3D"color:rgb(102,102,102);font-family:Verdana;font-size:13.3=
333px;white-space:pre-wrap">(she/her/hers)</span></p><p
dir=3D"ltr" style=
=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
span style=3D"font-size:10pt;font-family:Verdana;color:rgb(102,102,102);ver=
tical-align:baseline;white-space:pre-wrap">Computer Scientist, System Tools=
, Advanced Technology Division</span></p><p dir=3D"ltr"
style=3D"color:rgb(=
80,0,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style=3D"=
font-size:10pt;font-family:Verdana;color:rgb(102,102,102);vertical-align:ba=
seline;white-space:pre-wrap">Medical Information Technology,
Inc.</span></p=
<p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt=
;margin-bottom:0pt"><span
style=3D"font-size:10pt;font-family:Verdana;color=
:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">Office: 781=
-774-5156 | Mobile: 508-713-2499</span></p><p
style=3D"color:rgb(80,0,80);l=
ine-height:1.38;margin-top:0pt;margin-bottom:0pt"><font
face=3D"Verdana"><s=
pan style=3D"font-size:13.3333px;white-space:pre-wrap"><a
href=3D"mailto:lh=
aley(a)meditech.com"
target=3D"_blank">lhaley(a)meditech.com</a></span></font><=
/p><p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0=
pt;margin-bottom:0pt"><span
style=3D"font-size:10pt;font-family:Verdana;col=
or:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">MEDITECH =
Circle, Westwood, MA 02090</span></p><p dir=3D"ltr"
style=3D"color:rgb(80,0=
,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style=3D"font=
-size:10pt;font-family:Verdana;color:rgb(102,102,102);vertical-align:baseli=
ne;white-space:pre-wrap">Main: 781-821-3000 | Fax:
781-821-2199</span></p><=
/div></div></div></div></div></div<div dir=3D"ltr"><div><div
dir=3D"ltr"><div><div dir=3D"ltr"><p
dir=3D"ltr=
"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bottom=
:0pt"><span
style=3D"font-size:13pt;font-family:Verdana;color:rgb(0,0,0);fo=
nt-weight:700;vertical-align:baseline;white-space:pre-wrap">Lexi Haley </sp=
an><span style=3D"color:rgb(102,102,102);font-family:Verdana;font-size:13.3=
333px;white-space:pre-wrap">(she/her/hers)</span></p><p
dir=3D"ltr" style=
=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><=
span style=3D"font-size:10pt;font-family:Verdana;color:rgb(102,102,102);ver=
tical-align:baseline;white-space:pre-wrap">Computer Scientist, System Tools=
, Advanced Technology Division</span></p><p dir=3D"ltr"
style=3D"color:rgb(=
80,0,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style=3D"=
font-size:10pt;font-family:Verdana;color:rgb(102,102,102);vertical-align:ba=
seline;white-space:pre-wrap">Medical Information Technology,
Inc.</span></p=
<p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0pt=
;margin-bottom:0pt"><span
style=3D"font-size:10pt;font-family:Verdana;color=
:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">Office: 781=
-774-5156 | Mobile: 508-713-2499</span></p><p
style=3D"color:rgb(80,0,80);l=
ine-height:1.38;margin-top:0pt;margin-bottom:0pt"><font
face=3D"Verdana"><s=
pan style=3D"font-size:13.3333px;white-space:pre-wrap"><a
href=3D"mailto:lh=
aley(a)meditech.com"
target=3D"_blank">lhaley(a)meditech.com</a></span></font><=
/p><p dir=3D"ltr"
style=3D"color:rgb(80,0,80);line-height:1.38;margin-top:0=
pt;margin-bottom:0pt"><span
style=3D"font-size:10pt;font-family:Verdana;col=
or:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">MEDITECH =
Circle, Westwood, MA 02090</span></p><p dir=3D"ltr"
style=3D"color:rgb(80,0=
,80);line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style=3D"font=
-size:10pt;font-family:Verdana;color:rgb(102,102,102);vertical-align:baseli=
ne;white-space:pre-wrap">Main: 781-821-3000 | Fax:
781-821-2199</span></p><=
/div></div></div></div></div></div
<a href=3D"https://twitter.com/MEDITECH"
target=3D"_blank"><img src=3D"htt=
ps://home.meditech.com/en/d/home/images/emailsignaturetwitter20pixels.gif... =
style=3D"font-size:1.3em"></a><span
style=3D"font-size:1.3em">=C2=A0=C2=A0<=
/span><a href=3D"https://www.facebook.com/MeditechEHR"
target=3D"_blank"><i=
mg src=3D"https://home.meditech.com/en/d/home/images/emailsignatureface...
20pixels.gif"
style=3D"font-size:1.3em"></a></div><div><div><a
href=3D"http=
s://info.meditech.com/get-great-meditech-content?hsCtaTracking=3D864299ec-5=
abf-4004-9c6d-2d051794101f%7Cc911be42-538a-4a48-8dca-a6d4001c6326" target=
=3D"_blank"><span
style=3D"font-size:10pt;font-family:Verdana;color:rgb(17,=
85,204);vertical-align:baseline;white-space:pre-wrap">Subscribe</span></a><=
span style=3D"font-size:10pt;font-family:Verdana;vertical-align:baseline;wh=
ite-space:pre-wrap"> </span><span
style=3D"font-size:10pt;font-family:Verda=
na;color:rgb(102,102,102);vertical-align:baseline;white-space:pre-wrap">to =
receive emails from MEDITECH or to change email
preferences.</span></div></=
div
1382
days inactive
1382
days old
0 comments
1 participants
participants (1)
-
lhaley@meditech.com