lslebodn@redhat.com wrote:
Full_Name: Lukas Slebodnik Version: 2.4.38 OS: Fedora URL: ftp://ftp.openldap.org/incoming/Lukas-Slebodnik-131205.tar.gz Submission from: (NULL) (209.132.186.34)
We(sssd) have an upstream ticket with crash. https://fedorahosted.org/sssd/ticket/2134 But after investigation, it was not problem in sssd, but in ldap library.
sssd_be: ../../../libraries/liblber/io.c:108: ber_write: Assertion `buf != ((void *)0)' failed.
I think that problem is partially in user LDAP server, because server send wrong response for user binding with password policy. But on the other hand ldap_parse_result should not return LDAP_SUCCESS if incoming message is malformed, because it was a reason why 2nd ldap function ldap_parse_passwordpolicy_control crashed with abort.
Thanks for the report, but your patch is wrong, it rejects any control with a NULL value. Not all controls are required to have a value, so your patch would reject otherwise valid controls.
Reporter uses old ldap library on Centos 6.4, but I was able to reproduce with libraries from the latest version from git repo(master branch)
I uploaded tarball Lukas-Slebodnik-131205.tar.gz with patch and two files with client-server communication (hexdump from wireshark). 1st with enabled password policy on server and 2nd with disabled PP. Problem occurs only with enabled password policy.