[Date Prev][Date Next] [Chronological] [Thread] [Top]

Possible bug in ldap_get_values_len?

To: openldap-technical <openldap-technical@openldap.org>
Subject: Possible bug in ldap_get_values_len?
From: "Edward Z. Yang" <ezyang@mit.edu>
Date: Sat, 16 Oct 2010 12:09:11 -0400
User-agent: Sup/git

Hello all,

I was mucking around with OpenLDAP and noticed that ldap_get_values_len
was returning NULL without setting a corresponding error code.  Intruiged
by this behavior, I did some debugging, and found that it was doing so
on nsslapd-referral as generated by a Fedora 1.2.5 or 1.2.6 directory server
for the cn=config entry (I haven't checked anywhere else yet).  Here
is a fragment of the byte sequence in ber_buf that was causing this:

    000<14><04><10>nsslapd-referral1<00>0<19><04><12>password

I checked some other code, ldapvi works around this by checking if the return
value of ldap_get_values_len is NULL before using it, but it doesn't seem to
do so consistently, and an old version of the code had this to say:

    struct berval **values = ldap_get_values_len(ld, entry, ad);
    struct berval **ptr;

    if (!values) continue; /* weird server */

I've also posted to 389-users [1], in Fedora Directory Server spitting out
malformed data.  But in that case, OpenLDAP should give me an error code,
or work around it, or something.

Cheers,
Edward

[1] http://lists.fedoraproject.org/pipermail/389-users/2010-October/012320.html

Follow-Ups:
- Re: Possible bug in ldap_get_values_len?
  - From: Howard Chu <hyc@symas.com>

Prev by Date: ppolicy causing slapcat to segfault
Next by Date: Excessively 'busy' slapd -- how to find out why.
Index(es):
- Chronological
- Thread