OpenLDAP

Viewing Incoming/6452

From: j@gropefruit.com
Subject: Able to crash slapd when using identity assertion
Date: Wed, 13 Jan 2010 05:39:52 +0000
From: j@gropefruit.com
To: openldap-its@OpenLDAP.org
Subject: Able to crash slapd when using identity assertion
Full_Name: J
Version: 2.4.20
OS: Debian-Lenny/amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (68.15.14.98)


Able to do all necessary identity assertion when using command-line tools
(ldapsearch, ldapmodify, etc) against my server.  Server is running back_ldap,
back_relay, pcache and back_hdb.

But when I point one of my test hosts (Debian Lenny) against this seemingly
healthy server and I try to log in, I get this while running slapd -d -1:

[rw] searchEntryDN: "uid=jay,cn=plain,cn=auth,dc=example,dc=com" ->
"uid=jay,cn=plain,cn=auth,dc=example,dc=com"
slapd: /usr/src/openldap-src-2.4.20/openldap-2.4.20/servers/slapd/entry.c:483:
entry_clean: Assertion `e->e_private == ((void *)0)' failed.
Aborted

Why?

Followup 1

Subject: Re: (ITS#6452) Able to crash slapd when using identity assertion
From: j@gropefruit.com
Date: Tue, 12 Jan 2010 22:16:29 -0800
To: openldap-its@OpenLDAP.org
Never mind, commented out the following in my relay database config area:

rwm-rewriteEngine               on
rwm-normalize-mapped-attrs      yes
rwm-rewriteContext searchAttrDN
rwm-rewriteRule "(.+,)?dc=example,dc=com$" "$1,dc=public,dc=com"

No longer crashes.  You may close.

J




The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org