8162 – Probl�me parsing bad LDAP URI in slapo-unique uniqueURI parameter

Issue 8162 - Probl�me parsing bad LDAP URI in slapo-unique uniqueURI parameter

Summary: Probl�me parsing bad LDAP URI in slapo-unique uniqueURI parameter

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	2.4.40
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-06-02 21:11 UTC by bdauvergne@entrouvert.com
Modified:	2016-01-29 20:32 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description bdauvergne@entrouvert.com 2015-06-02 21:11:03 UTC

Full_Name: Benjamin Dauvergne
Version: 2.4.40
OS: Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.242.47.212)


I had configured an mdb backend with a unique overlay configured like this:

add olcOverlay={4}unique,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {4}unique
olcUniqueURI: ldap://?supannAutreMail?sub

When trying to add the first non root-entry of new DB openldap freeze and takes
100% CPU. After activating loglevel 255 I saw that it was looping inside
mdb_search() logging 'scope not okay' with an increasing integer value in
front.

The problem here is that le LDAP URI is missing a third 'slash' which should
separate the missing hostname part from the base DN parameter. The RFC 2255
grammar seem to imply that the third slash is mandatory if there are other
parameters after it. I think OpenLDAP should have complained about the malformed
olcUniqueURI value, not accept it blindly and fail by entering an infinite
loop.

Overlay configuration that is working:


add olcOverlay={4}unique,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: {4}unique
olcUniqueURI: ldap:///?supannAutreMail?sub

Comment 1 Hallvard Furuseth 2015-06-02 22:06:58 UTC

On 02/06/15 23:11, bdauvergne@entrouvert.com wrote:
> I had configured an mdb backend with a unique overlay configured like this:
>
> add olcOverlay={4}unique,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcUniqueConfig
> olcOverlay: {4}unique
> olcUniqueURI: ldap://?supannAutreMail?sub
>
> When trying to add the first non root-entry of new DB openldap freeze and takes
> 100% CPU. After activating loglevel 255 I saw that it was looping inside
> mdb_search() logging 'scope not okay' with an increasing integer value in
> front.

Looks like a duplicate of ITS#8146, fixed in the OPENLDAP_REL_ENG_2_4
branch.  Please test.  Tarball:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs/heads/OPENLDAP_REL_ENG_2_4;sf=tgz>

We might need a more general description of ITS#8146 in CHANGES.

Comment 2 Hallvard Furuseth 2015-06-02 22:07:54 UTC

changed notes
changed state Open to Feedback
moved from Incoming to Software Bugs

Comment 3 OpenLDAP project 2016-01-29 20:32:32 UTC

Dup of #8146
Fixed in 2.4.41

Comment 4 Quanah Gibson-Mount 2016-01-29 20:32:32 UTC

changed notes
changed state Feedback to Closed