
(ITS#7143) Assertion error (crash); using relay backend and translucent overlay



Full_Name: Mattias Andersson
Version: 2.4.25
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.182.107.220)


I have configured a proxy server using both the relay backend and the
translucent overlay:

  backend           hdb
  backend           relay
 
  database          hdb
  directory         /var/lib/ldap
  suffix            "dc=foo,dc=example,dc=com"
  rootdn            "cn=admin,dc=foo,dc=example,dc=com"
  rootpw            secret
  index             objectClass eq
 
  database          relay
  suffix            "dc=example,dc=com"
  overlay           rwm
  rwm-suffixmassage "dc=foo,dc=example,dc=com"
  overlay           translucent
  uri               ldap://ldap.example.com

This configuration makes it possible for me to override attributes in the remote
LDAP directory and at the same time extend the local directory with new entries.
This has been tested and works for authorization in a Linux environment.

If I issue an LDAP search query, as follows,
  
  ldapsearch -x -b dc=chalmers,dc=se -s base "(objectClass=*)" 1.1

it will yield the following debug output:

  slapd starting
  conn=1000 fd=11 ACCEPT from IP=127.0.0.1:36838 (IP=0.0.0.0:389)
  conn=1000 op=0 BIND dn="" method=128
  conn=1000 op=0 RESULT tag=97 err=0 text=
  conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
  conn=1000 op=1 SRCH attr=1.1
  conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
  conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
  conn=1000 op=2 UNBIND
  conn=1000 fd=11 closed

However, if I query the server using the Softerra LDAP Administrator software
(Windows), the slapd daemon crashes with an assertion error:

  slapd starting
  conn=1000 fd=11 ACCEPT from IP=11.22.33.44:54752 (IP=0.0.0.0:389)
  conn=1000 op=0 BIND dn="" method=128
  conn=1000 op=0 RESULT tag=97 err=0 text=
  conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
  conn=1000 op=1 SRCH attr=1.1
  conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
  slapd: /build/buildd/openldap-2.4.25/servers/slapd/attr.c:236: attr_dup2: Assertion `j < i' failed.
  Aborted

This is a security vulnerability, since it would be enough to send an LDAP query
to take down the server.

Mattias
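
Added example, not part of the original report and not OpenLDAP code: a small triage script that pairs each slapd assertion abort in a debug log with the last operation logged before it, so the client address and search base that preceded the crash can be pulled out of a larger log. The function name and result keys are hypothetical; the sample input is the report's second debug output with the mail-wrapped lines rejoined.

```python
import re

# Sample input: the crash log from the report above, wrapped lines rejoined.
SAMPLE_LOG = """\
slapd starting
conn=1000 fd=11 ACCEPT from IP=11.22.33.44:54752 (IP=0.0.0.0:389)
conn=1000 op=0 BIND dn="" method=128
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=1000 op=1 SRCH attr=1.1
conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
slapd: /build/buildd/openldap-2.4.25/servers/slapd/attr.c:236: attr_dup2: Assertion `j < i' failed.
Aborted
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
SEARCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+)')
ANY_OP = re.compile(r"conn=(\d+) op=(\d+)")
ASSERT = re.compile(r"slapd: (\S+):(\d+): (\w+): Assertion `(.+)' failed\.")


def find_crash_triggers(log_text):
    """Pair each slapd assertion abort with the last operation logged before it.

    Heuristic: on a busy server with concurrent connections, the last logged
    operation is a lead for investigation, not proof of the cause.
    """
    peers, searches, last_op, hits = {}, {}, None, []
    for line in log_text.splitlines():
        line = line.strip()
        if line == "slapd starting":      # new process: drop per-process state
            peers, searches, last_op = {}, {}, None
        elif m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := ASSERT.search(line):
            conn, op = last_op if last_op else (None, None)
            hits.append({
                "source": f"{m.group(1)}:{m.group(2)}", "function": m.group(3),
                "assertion": m.group(4), "conn": conn, "op": op,
                "client": peers.get(conn),
                "search_base": searches.get((conn, op)),
            })
        else:
            if s := SEARCH.search(line):
                searches[(s.group(1), s.group(2))] = s.group(3)
            if m := ANY_OP.search(line):
                last_op = (m.group(1), m.group(2))
    return hits
```

Run over the sample, it reports the abort in `attr_dup2` together with conn=1000 op=1, the peer address from the ACCEPT line, and the search base.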