[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: OpenLDAP 2.1.[23] dump core when scanned
Funny, we already passed the single-byte test in the BER torture test. Now
fixed in HEAD, io.c rev 1.73. Thanks for the report.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of Thomas Nau
> Sent: Thursday, July 11, 2002 2:00 AM
> To: openldap-bugs@OpenLDAP.org
> Subject: OpenLDAP 2.1.[23] dump core when scanned
>
>
> Hi all.
> Our server just crashed over night when it got scanned. We have been able
> to reproduce the problem using the 'socket' tool:
>
> echo -n <single character> | socket server port
>
> It doesn't matter which character you send to the server (the scanner used
> ','), slapd dumps core at
>
> libraries/liblber/io.c:536
>
> code
> ...
> AC_MEMCPY(buf, ber->ber_ptr, i);
> ...
>
> as i is equal -1. Sorry, I don't understand enough of the code to provide
> a patch.
>
> Thomas
>
> Additional debug output from server
> ...
> slapd startup: initiated.
> slapd starting
> synchronizer starting for /ldap/openldap/var/openldap-data
> daemon: added 7r
> daemon: added 8r
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: select: listen=8 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: new connection on 9
> ldap_pvt_gethostbyname_a: host=frago, r=0
> daemon: conn=0 fd=9 connection from IP=10.0.0.1:61163
> (IP=0.0.0.0:9999) accepted.
> daemon: added 9r
> daemon: activity on:
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: select: listen=8 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 9r
> daemon: read activity on 9
> connection_get(9)
> connection_get(9): got connid=0
> connection_read(9): checking for input on id=0
> ber_get_next
> ldap_read: want=9, got=1
> 0000: 41 A
> Segmentation Fault (core dumped)
>
>
> -----------------------------------------------------------------
> PGP fingerprint: B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED
> Phone: +49 731 50 22464
> FAX: +49 731 50 22471
>