Issue 9607 - ldapsearch nettimeout option is not respected
Status: VERIFIED DUPLICATE of issue 8047
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: client tools
Version: 2.5.5
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2021-07-09 12:24 UTC by Simon Pichugin
Modified: 2021-07-16 17:52 UTC
Description Simon Pichugin 2021-07-09 12:24:04 UTC
Description of problem:
ldapsearch doesn't respect nettimeout option and hangs forever if the server is not accessible (for example when packets are dropped by iptables).

Version-Release number of selected component (if applicable):
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.5.5 (Jul  9 2021 07:02:36) $
Checking with openssl-1.1.1k

Additionally:
The issue is also present in the older versions.
Also, the issue still exists with openssl-3.0.0-0.alpha16

How reproducible:
always

Steps to Reproduce:
1. iptables -A INPUT -p tcp --sport 636 -m tcp --tcp-flags PSH PSH -j DROP
2. ldapsearch -o nettimeout=3 -H ldaps://192.168.0.1 -b dc=example,dc=com -x -s base

Actual results:
ldapsearch hangs 

Expected results:
ldapsearch should return error:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Additional info:
ldap_url_parse_ext(ldaps://192.168.0.1)
ldap_create
ldap_url_parse_ext(ldaps://192.168.0.1:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.0.1:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.1:636
ldap_pvt_connect: fd: 3 tm: 3 async: 0
ldap_ndelay_on: 3
attempting to connect: 
connect errno: 115
ldap_int_poll: fd: 3 tm: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_pvt_connect: 0
TLS trace: SSL_connect:before SSL initialization
tls_write: want=285, written=285
  0000:  16 03 01 01 18 01 00 01  14 03 03 d9 3e 1d 7f d5   ............>...  
  0010:  d9 4d 52 b5 3f 49 33 f5  b2 4b 2c 1a 24 0b 3f d6   .MR.?I3..K,.$.?.  
  ...
  ...
  0100:  e1 be fe 47 48 5c 93 91  6b eb fd 36 94 fd 64 7b   ...GH\..k..6..d{  
  0110:  84 80 7a 25 c5 c5 a4 9b  d2 53 28 62 25            ..z%.....S(b%     
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
...
Repeats the following lines eternally:
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
Comment 1 Quanah Gibson-Mount 2021-07-16 17:52:43 UTC

*** This issue has been marked as a duplicate of issue 8047 ***