
Re: (ITS#7143) Assertion error (crash); using relay backend and translucent overlay



mattias@centaurix.com wrote:
> Full_Name: Mattias Andersson
> Version: 2.4.25
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.182.107.220)

Please provide a full gdb backtrace from the assertion failure. I've 
reproduced this configuration locally but see no crash using ldapsearch. I 
don't have the Softerra browser.

> I have configured a proxy server using both the relay backend and the
> translucent overlay:
>
>    backend           hdb
>    backend           relay
>
>    database          hdb
>    directory         /var/lib/ldap
>    suffix            "dc=foo,dc=example,dc=com"
>    rootdn            "cn=admin,dc=foo,dc=example,dc=com"
>    rootpw            secret
>    index             objectClass eq
>
>    database          relay
>    suffix            "dc=example,dc=com"
>    overlay           rwm
>    rwm-suffixmassage "dc=foo,dc=example,dc=com"
>    overlay           translucent
>    uri               ldap://ldap.example.com
>
> This configuration makes it possible for me to override attributes in the remote
> ldap directory and at the same time extend the local directory with new entries.
> This has been tested and works for authorization in a linux environment.
>
> If I issue an LDAP search query, as follows,
>
>    ldapsearch -x -b dc=chalmers,dc=se -s base "(objectClass=*)" 1.1
>
> it will yield the following debug output:
>
>    slapd starting
>    conn=1000 fd=11 ACCEPT from IP=127.0.0.1:36838 (IP=0.0.0.0:389)
>    conn=1000 op=0 BIND dn="" method=128
>    conn=1000 op=0 RESULT tag=97 err=0 text=
>    conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
>    conn=1000 op=1 SRCH attr=1.1
>    conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
>    conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>    conn=1000 op=2 UNBIND
>    conn=1000 fd=11 closed
>
> However, if I query the server using the Softerra LDAP Administrator software
> (Windows), the slapd daemon crashes with an assertion error:
>
>    slapd starting
>    conn=1000 fd=11 ACCEPT from IP=11.22.33.44:54752 (IP=0.0.0.0:389)
>    conn=1000 op=0 BIND dn="" method=128
>    conn=1000 op=0 RESULT tag=97 err=0 text=
>    conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
>    conn=1000 op=1 SRCH attr=1.1
>    conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
>    slapd: /build/buildd/openldap-2.4.25/servers/slapd/attr.c:236: attr_dup2: Assertion `j<  i' failed.
>    Aborted
>
> This is a security vulnerability, since it would be enough to send an LDAP query
> to take down the server.

We don't consider crashes/DOS to be a security vulnerability. A vulnerability 
is anything which allows users to see information they should not be allowed 
to see; in the case of a crash no information can be retrieved so all data is 
completely secure.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
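
Added example, not part of the original thread or of OpenLDAP: a small log triage helper that reads slapd stats output like the excerpts quoted above and reports, for each assertion abort, which connection, client address and request were still unanswered when the process died. The function name `triage`, the record layout and the list of operation tags other than BIND and SRCH are assumptions; the sample log is the crashing session from the report with its wrapped lines joined.

```python
import re

# Sample input: the crashing session quoted in the report (wrapped lines joined).
SAMPLE_LOG = """\
slapd starting
conn=1000 fd=11 ACCEPT from IP=11.22.33.44:54752 (IP=0.0.0.0:389)
conn=1000 op=0 BIND dn="" method=128
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=1000 op=1 SRCH attr=1.1
conn=1000 op=1: back-relay for DN="dc=example,dc=com" would call self.
slapd: /build/buildd/openldap-2.4.25/servers/slapd/attr.c:236: attr_dup2: Assertion `j<  i' failed.
Aborted
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=([^ ]+)')
# Request tags: BIND and SRCH appear on the page; the others are assumed.
OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|MOD|ADD|DEL|CMP|MODRDN|EXT)\b ?(.*)')
DONE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT\b')
ASSERT = re.compile(r"slapd: (\S+?):(\d+): (\w+): Assertion [`'](.+?)' failed")

def triage(log_text):
    """Return one record per assertion abort, listing requests with no RESULT yet."""
    peers, pending, crashes = {}, {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line == "slapd starting":          # new process: old state is gone
            peers, pending = {}, {}
        elif m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)     # conn id -> client ip:port
        elif m := DONE.search(line):
            pending.pop((m.group(1), m.group(2)), None)
        elif m := OP.search(line):
            key = (m.group(1), m.group(2))
            pending.setdefault(key, []).append(f"{m.group(3)} {m.group(4)}".strip())
        elif m := ASSERT.search(line):
            crashes.append({
                "file": m.group(1), "line": int(m.group(2)),
                "function": m.group(3), "expr": m.group(4),
                "in_flight": [{"conn": c, "op": o, "peer": peers.get(c), "request": r}
                              for (c, o), r in pending.items()],
            })
    return crashes

if __name__ == "__main__":
    for crash in triage(SAMPLE_LOG):
        print(crash)
```

The in-flight request it reports is a starting point for reproducing the failure under gdb, which is what the reply above asks for.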