[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Modify with NULLs causes an assertion to fail, slapd to abort (ITS#1364)
Full_Name: John Madden
Version: 2.0.14
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (168.91.4.66)
Using perl's Net::LDAP (for example), it is possible to cause slapd to exit on
the assert call in servers/slapd/schema_check.c line 45 -- by sending a NULL
value.
Example LDIF prior to the modify:
dn: uid=jmadden,ou=People,dc=ivy,dc=tec,dc=in,dc=us
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uid: jmadden
cn: jmadden
gidNumber: 100
uidNumber: 10042
homeDirectory: /home/jmadden
mainframeId: ycn000
loginShell: /bin/bash
gecos: John E. Madden,, 921-4691
mailacceptinggeneralid:
maildrop: jmadden
description: Unix Systems Engineer
campus: Central Office
Sample perl code to cause the assert() to fail:
$result = $ldap->modify(
"uid=$uid,ou=People,dc=ivy,dc=tec,dc=in,dc=us",
changes =>
[
replace => [ 'gecos', "$in{'name'},, $in{'phone'}",
'mailacceptinggeneralid', "$in{'alias'}",
'maildrop', "$uid",
'description', "$in{'title'}",
'campus', "$in{'campus'}"
]
]
);
Logging:
/usr/local/libexec/slapd -d 816
<snip>
ber_dump: buf=0x001025d0 ptr=0x00102674 end=0x001026a1 len=45
0000: 30 2b 0a 01 02 30 26 04 0b 64 65 73 63 72 69 70 0+...0&..descrip
0010: 74 69 6f 6e 31 17 04 15 55 6e 69 78 20 53 79 73 tion1...Unix Sys
0020: 74 65 6d 73 20 45 6e 67 69 6e 65 65 72 tems Engineer
conn=5 op=1 MOD dn="uid=jmadden,ou=People,dc=ivy,dc=tec,dc=in,dc=us"
schema_check.c:45: failed assertion `a->a_vals[0] != NULL'
Abort
Explanation: in our example, by having $in{'alias'} be NULL, i.e., the user
doesn't have a mail alias, slapd fails its assertion and exits. In other words,
any user with write permission on a DN can take down slapd. I'd provide an LDIF
for the operation itself, but I'm not sure how I'd represent that in LDIF.
Please feel free to contact me if more information is necessary.