[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7143) Assertion error (crash); using relay backend and translucent overlay
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7143) Assertion error (crash); using relay backend and translucent overlay
- From: hyc@symas.com
- Date: Tue, 31 Jan 2012 01:27:38 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
mattias@centaurix.com wrote:
> Full_Name: Mattias Andersson
> Version: 2.4.25
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.182.107.220)
Please provide a full gdb backtrace from the assertion failure. I've
reproduced this configuration locally but see no crash using ldapsearch. I
don't have the Softerra browser.
> I have configured a proxy server using both the relay backend and the
> translucent overlay:
>
> backend hdb
> backend relay
>
> database hdb
> directory /var/lib/ldap
> suffix "dc=foo,dc=example,dc=com"
> rootdn "cn=admin,dc=foo,dc=example,dc=com"
> rootpw secret
> index objectClass eq
>
> database relay
> suffix "dc=example,dc=com"
> overlay rwm
> rwm-suffixmassage "dc=foo,dc=example,dc=com"
> overlay translucent
> uri ldap://ldap.example.com
>
> This configuration makes it possible for me to override attributes in the remote
> ldap directory and at the same time extend the local directory with new entries.
> This has been tested and works for authorization in a linux environment.
>
> If I issue an LDAP search query, as follows,
>
> ldapsearch -x -b dc=chalmers,dc=se -s base "(objectClass=*)" 1.1
>
> it will yield the following debug output:
>
> slapd starting
> conn=1000 fd=11 ACCEPT from IP=127.0.0.1:36838 (IP=0.0.0.0:389)
> conn=1000 op=0 BIND dn="" method=128
> conn=1000 op=0 RESULT tag=97 err=0 text=
> conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0
> filter="(objectClass=*)"
> conn=1000 op=1 SRCH attr=1.1
> conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
> conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=1000 op=2 UNBIND
> conn=1000 fd=11 closed
>
> However, if I query the server using the Softerra LDAP Administrator software
> (Windows), the slapd daemon crashes with an assertion error:
>
> slapd starting
> conn=1000 fd=11 ACCEPT from IP=11.22.33.44:54752 (IP=0.0.0.0:389)
> conn=1000 op=0 BIND dn="" method=128
> conn=1000 op=0 RESULT tag=97 err=0 text=
> conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0
> filter="(objectClass=*)"
> conn=1000 op=1 SRCH attr=1.1
> conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
> slapd: /build/buildd/openldap-2.4.25/servers/slapd/attr.c:236: attr_dup2:
> Assertion `j< i' failed.
> Aborted
>
> This is a security vulnerability, since it would be enough to send an LDAP query
> to take down the server.
We don't consider crashes/DOS to be a security vulnerability. A vulnerability
is anything which allows users to see information they should not be allowed
to see; in the case of a crash no information can be retrieved so all data is
completely secure.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/