OpenLDAP

Viewing Software Bugs/6530

From: masarati@aero.polimi.it
Subject: Controls in successful bind response are discarded by proxy backends
State:
0 replies:
2 followups: 1 2


Date: Thu, 22 Apr 2010 15:57:57 +0000
From: masarati@aero.polimi.it
To: openldap-its@OpenLDAP.org
Subject: Controls in successful bind response are discarded by proxy backends
Full_Name: Pierangelo Masarati
Version: HEAD/re24
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (129.72.165.211)
Submitted by: ando


Related to ITS#6166; in the meanwhile, a specific fix is coming.

p.

Followup 1

Date: Thu, 22 Apr 2010 12:59:22 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: masarati@aero.polimi.it, openldap-its@openldap.org
Subject: Re: (ITS#6530) Controls in successful bind response are discarded by proxy backends
--On Thursday, April 22, 2010 3:57 PM +0000 masarati@aero.polimi.it wrote:

> Full_Name: Pierangelo Masarati
> Version: HEAD/re24
> OS: irrelevant
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (129.72.165.211)
> Submitted by: ando
>
>
> Related to ITS#6166; in the meanwhile, a specific fix is coming.

ITS#6166 is marked RE25/RE30.  Is this fix appropriate for RE24?

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 2

Date: Thu, 22 Apr 2010 22:07:48 +0200 (CEST)
Subject: Re: (ITS#6530) Controls in successful bind response are discarded by proxy backends
From: masarati@aero.polimi.it
To: "Quanah Gibson-Mount" <quanah@zimbra.com>
Cc: openldap-its@openldap.org
> --On Thursday, April 22, 2010 3:57 PM +0000 masarati@aero.polimi.it wrote:
>
>> Full_Name: Pierangelo Masarati
>> Version: HEAD/re24
>> OS: irrelevant
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (129.72.165.211)
>> Submitted by: ando
>>
>>
>> Related to ITS#6166; in the meanwhile, a specific fix is coming.
>
> ITS#6166 is marked RE25/RE30.  Is this fix appropriate for RE24?

As soon as ITS#6166 is fixed in re25, ITS#5630 is a re24-only issue.  If
successful bind responses were returned by backends/overlays instead of the
frontend, this issue wouldn't have appeared.

This does not mean we need to rush it into 2.4.22.  It passed all tests
for me, and showed no leaks or so when proxying binds with password policy
control, but I'd like it to be reviewed.

p.

