https://bugs.openldap.org/show_bug.cgi?id=10101
Issue ID: 10101 Summary: Fix double file close when first TLS connection fails Product: OpenLDAP Version: 2.6.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs@openldap.org Reporter: florin.crisan@axigen.com Target Milestone: ---
Created attachment 981 --> https://bugs.openldap.org/attachment.cgi?id=981&action=edit Proof of concept
1. ldap_initialize a connection with multiple URLs, the first one being LDAPS. (For example: "ldaps://server,ldap://server"). The LDAPS connection needs to successfully open the TCP connection, but fail during TLS negotiation.
2. When TLS negotiation fails, ldap_int_open_connection calls ber_int_sb_close (which closes the connections attached to the sockbuf) but fails to call ber_int_sb_destroy, so the TCP layers are still attached to the sockbuf structure.
3. When the second connection is opened, a new TCP layer is added to the sockbuf structure, but the existing one is still there. Both now point to the updated sockbuf structure, with the new file descriptor.
4. When the connection is closed, the layers attached to the sockbuf close the new file descriptor twice.
This may be the same problem as https://lists.openldap.org/hyperkitty/list/openldap-devel@openldap.org/threa...
https://bugs.openldap.org/show_bug.cgi?id=10101
Florin Crișan florin.crisan@axigen.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |florin.crisan@axigen.com
--- Comment #1 from Florin Crișan florin.crisan@axigen.com --- Created attachment 982 --> https://bugs.openldap.org/attachment.cgi?id=982&action=edit Proposed patch
https://bugs.openldap.org/show_bug.cgi?id=10101
--- Comment #2 from Florin Crișan florin.crisan@axigen.com --- The problem has been found in 2.6.2 but it is probably much older.
It doesn't seem to have been fixed in 2.6.6.
https://bugs.openldap.org/show_bug.cgi?id=10101
--- Comment #3 from Florin Crișan florin.crisan@axigen.com --- Comment on attachment 981 --> https://bugs.openldap.org/attachment.cgi?id=981 Proof of concept
Axigen Messaging SRL hereby place the following source code (and only this source code) into the public domain. Hence, this code may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
https://bugs.openldap.org/show_bug.cgi?id=10101
--- Comment #4 from Florin Crișan florin.crisan@axigen.com --- Comment on attachment 982 --> https://bugs.openldap.org/attachment.cgi?id=982 Proposed patch
Axigen Messaging SRL hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
https://bugs.openldap.org/show_bug.cgi?id=10101
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |CONFIRMED Ever confirmed|0 |1
--- Comment #5 from Howard Chu hyc@openldap.org --- Thanks for the detailed report. For future reference, the proof of concept only asserted for me when I used two plain ldap:// URLs, otherwise the TLS negotiation always succeeded.
https://bugs.openldap.org/show_bug.cgi?id=10101
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|CONFIRMED |RESOLVED
--- Comment #6 from Howard Chu hyc@openldap.org --- fixed in master
https://bugs.openldap.org/show_bug.cgi?id=10101
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Assignee|bugs@openldap.org |hyc@openldap.org Target Milestone|--- |2.5.17
https://bugs.openldap.org/show_bug.cgi?id=10101
--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org --- head:
• b7a22d38 by Florin Crișan at 2023-09-21T17:34:59+01:00 ITS#10101 libldap: fix double sb_close when first TLS connection fails
https://bugs.openldap.org/show_bug.cgi?id=10101
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |FIXED
--- Comment #8 from Quanah Gibson-Mount quanah@openldap.org --- RE26:
• b04dfbff by Florin Crișan at 2024-01-11T17:54:23+00:00 ITS#10101 libldap: fix double sb_close when first TLS connection fails
RE25:
• 0ae183e7 by Florin Crișan at 2024-01-11T17:56:03+00:00 ITS#10101 libldap: fix double sb_close when first TLS connection fails
https://bugs.openldap.org/show_bug.cgi?id=10101
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org