
Re: (ITS#3657) HDB DoS - client can hang slapd server by moving an entry



Thanks for the report, this is now fixed in CVS HEAD.

aciancone@masobit.net wrote:

>Full_Name: Andrea Ciancone
>Version: 2.2.23
>OS: Debian
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (193.206.187.19)
>
>
>By moving an entry under itself, using ldap_modrdn2, slapd completely hangs.
>The only solution is to kill -9 slapd. 
>As an example, by moving:
>
>         cn=foo,cn=bar into cn=agor,cn=foo,cn=bar
>
>slapd stops answering queries. I've tried it several times, 
>and I can systematically reproduce the problem. I use 
>Net::LDAP from CPAN, and run something like:
>
>  $ldap->moddn("cn=foo,cn=bar", newrdn => "cn=agor", 
>        deleteoldrdn => 1, newsuperior => "cn=foo,cn=bar");
>
>Any client having write access to any slapd server 
>using HDB can completely make the server unusable. 
>It is even necessary to run db_recover every time 
>this happens.
>
>Cheers,
>Andrea


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
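
The condition in the report, a newSuperior that is the moved entry itself or lies beneath it, can be rejected before any rename is attempted. The following is an added example, not part of the original thread and not the change committed to CVS HEAD; the function names are hypothetical, DNs are assumed to be already normalized, and the choice of result code 53 (unwillingToPerform) is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define RC_SUCCESS              0
#define RC_UNWILLING_TO_PERFORM 53  /* LDAP unwillingToPerform; choice is an assumption */

/* True if s[i] is preceded by an odd number of backslashes, i.e. the
 * character is escaped and belongs to an RDN value, not to the DN syntax. */
static int is_escaped(const char *s, size_t i)
{
    size_t n = 0;
    while (i > 0 && s[i - 1] == '\\') { n++; i--; }
    return n % 2 == 1;
}

/* Returns 1 if dn equals ancestor or is located beneath it.
 * Both strings must be normalized DNs (same case, no optional spaces). */
int dn_is_self_or_descendant(const char *dn, const char *ancestor)
{
    size_t dl = strlen(dn), al = strlen(ancestor);

    if (al == 0 || dl < al) return 0;              /* an empty DN is never a moved entry */
    if (strcmp(dn + (dl - al), ancestor) != 0) return 0;
    if (dl == al) return 1;                        /* same entry */

    /* The suffix must start on a real RDN boundary: an unescaped comma. */
    size_t sep = dl - al - 1;
    return dn[sep] == ',' && !is_escaped(dn, sep);
}

/* Hypothetical pre-check for a modrdn request. new_superior may be NULL
 * when the request only changes the RDN. */
int check_modrdn(const char *entry_dn, const char *new_superior)
{
    if (new_superior == NULL) return RC_SUCCESS;
    if (dn_is_self_or_descendant(new_superior, entry_dn))
        return RC_UNWILLING_TO_PERFORM;            /* entry would become its own ancestor */
    return RC_SUCCESS;
}

int main(void)
{
    /* The request from the report: entry and newSuperior are the same DN. */
    printf("%d\n", check_modrdn("cn=foo,cn=bar", "cn=foo,cn=bar"));
    return 0;
}
```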