OpenLDAP
Viewing Documentation/7935

From: ryan@nardis.ca
Subject: fails to convert slapd.conf including schema with "+" in name
Date: Mon, 08 Sep 2014 18:03:42 +0000
From: ryan@nardis.ca
To: openldap-its@OpenLDAP.org
Subject: fails to convert slapd.conf including schema with "+" in name
Full_Name: Ryan Tandy
Version: master, RE24
OS: Debian
URL: 
Submission from: (NULL) (24.68.121.206)


Hi,

Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603544

Steps to reproduce:

ln -s /usr/local/etc/openldap/schema/core.schema core+test.schema
echo 'include ./core+test.schema' > slapd.conf
mkdir slapd.d
slaptest -f slapd.conf -F slapd.d

Before commit d1b38bd ("ITS#6967 normalize schema RDN"), this fails with:

config_build_entry: build "cn={0}core+test" failed: "(null)"
backend_startup_one (type=config, suffix="cn=config"): bi_db_open failed! (-1)

but slapd still works if running with slapd.conf only (-F omitted).

After that commit, slaptest and slapd both crash shortly after rdnNormalize at
bconfig.c:6841. rdnNormalize() fails because the constructed DN is not valid,
but its return value is not checked.

It would be really nice if it would automatically escape or replace
inappropriate characters in the filename, but I'll understand if that's asking
too much. :)

(Alternatively, if there are restrictions on what is considered a valid schema
filename, please document them.)

Followup 1

Date: Mon, 08 Sep 2014 13:30:28 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: ryan@nardis.ca, openldap-its@OpenLDAP.org
Subject: Re: (ITS#7935) fails to convert slapd.conf including schema with
 "+" in name
--On Monday, September 08, 2014 7:03 PM +0000 ryan@nardis.ca wrote:

> Full_Name: Ryan Tandy
> Version: master, RE24
> OS: Debian
> URL:
> Submission from: (NULL) (24.68.121.206)
>
>
> Hi,
>
> Debian bug report:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603544

Schema filenames should only be alphanumeric.  Noted to update the 
documentation with this restriction.

--Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 2

Date: Mon, 08 Sep 2014 15:18:06 -0700
From: Ryan Tandy <ryan@nardis.ca>
To: quanah@zimbra.com, openldap-its@OpenLDAP.org
Subject: Re: (ITS#7935) fails to convert slapd.conf including schema with
 "+" in name
On 08/09/14 01:30 PM, quanah@zimbra.com wrote:
> Schema filenames should only be alphanumeric.  Noted to update the
> documentation with this restriction.

OK, noted. Even so, please consider a change along the lines of 
<http://paste.debian.net/119969/>, just to avoid crashing on an 
inappropriate filename.



Followup 3

Date: Tue, 09 Sep 2014 14:41:56 +0100
From: Howard Chu <hyc@symas.com>
To: ryan@nardis.ca, openldap-its@OpenLDAP.org
Subject: Re: (ITS#7935) fails to convert slapd.conf including schema with
 "+" in name
ryan@nardis.ca wrote:
> On 08/09/14 01:30 PM, quanah@zimbra.com wrote:
>> Schema filenames should only be alphanumeric.  Noted to update the
>> documentation with this restriction.
>
> OK, noted. Even so, please consider a change along the lines of
> <http://paste.debian.net/119969/>, just to avoid crashing on an
> inappropriate filename.

Patched in master, thanks.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
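
Added example (not part of the original thread and not OpenLDAP code): a shell pre-flight check that applies the alphanumeric restriction stated in Followup 1 to the include lines of a slapd.conf before it is converted with slaptest -F. The function name check_schema_includes, the ".schema" suffix filter and the no-spaces-in-paths simplification are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not OpenLDAP code: flag slapd.conf schema includes whose
# name is not purely alphanumeric (the restriction stated in this thread).
# Assumptions: only paths ending in ".schema" are checked, the name is the
# basename without that suffix, and paths contain no spaces.
LC_ALL=C; export LC_ALL   # keep [A-Za-z0-9] limited to ASCII

# Print one line per offending include; return 1 if any was found.
check_schema_includes() {
    conf=$1
    bad=0
    while read -r keyword path _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "include" ] || continue
        path=${path#\"}; path=${path%\"}   # drop optional double quotes
        case $path in
            *.schema) ;;
            *) continue ;;                 # other included config files
        esac
        name=${path##*/}                   # strip directory
        name=${name%.schema}               # strip extension
        case $name in
            ''|*[!A-Za-z0-9]*)
                printf '%s: schema name "%s" is not alphanumeric\n' "$conf" "$name"
                bad=1 ;;
        esac
    done < "$conf"
    return "$bad"
}

# Usage: sh check.sh [slapd.conf]; without an argument a constructed sample runs.
if [ "$#" -gt 0 ]; then
    check_schema_includes "$1"
else
    sample=$(mktemp)
    printf '%s\n' 'include ./core.schema' 'include ./core+test.schema' > "$sample"
    check_schema_includes "$sample" || echo "rename these files before slaptest -F"
    rm -f "$sample"
fi
```

A non-zero exit status means at least one included schema file should be renamed before the configuration is converted.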