[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap-backend segmentation fault (ITS#1367)
friedrich.rechtberger@emb.magwien.gv.at wrote:
> server configured with --enable-ldap=yes --with-ldap-module=static
>
> I use the server as an ldap-proxy "database ldap" with no problem until the
> ldap-client requests an attribute that isn't defined in the schema of the
> openldap-server but is replied by the answer of the back-ldap server. If this
> happens i see an segmentation fault.
Forget my previous posting. It doesn't matter where the error shows up.
It originates in servers/slapd/back-ldap/search.c, where there's no
check
for the correct retieval of the attribute description in
ldap_send_entry():
> continue;
> attr->a_next = 0;
> attr->a_desc = NULL;
> slap_str2ad(a, &attr->a_desc, &text);
> attr->a_vals = ldap_get_values_len(lc->ld, e, a);
> if (!attr->a_vals)
> attr->a_vals = &dummy;
>
It has been fixed some time ago in 1.23, but not released yet.
The fix reads:
> continue;
> attr->a_next = 0;
> attr->a_desc = NULL;
> if (slap_str2ad(mapped, &attr->a_desc, &text) != LDAP_SUCCESS) {
> ch_free(attr);
> continue;
> }
> attr->a_vals = ldap_get_values_len(lc->ld, e, a);
> if (!attr->a_vals) {
> attr->a_vals = &dummy;
so the unknown attribute is stripped from the results (what if the
resulting entry does not pass the schema?)
Pierangelo.
--
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy |
http://www.aero.polimi.it/~masarati