
RE: ldapsearch segmentation fault (ITS#1649)



There is a filter buffer of size BUFSIZ used in ldapsearch.c for the filter.
Your BUFSIZ is probably 8192 bytes, that's the default value on Linux/glibc.
This is certainly a bug in the dosearch() function in ldapsearch.c, using an
unprotected buffer.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of chabrol@vfnm.de
> Sent: Monday, March 18, 2002 6:45 AM
> To: openldap-its@OpenLDAP.org
> Subject: ldapsearch segmentation fault (ITS#1649)
>
>
> Full_Name: Daniel Chabrol
> Version: openldap-2.0.21-1
> OS: linux
> URL:
> Submission from: (NULL) (212.2.32.4)
>
>
> Hello!
>
> The ldapsearch command-line tool crashes (Segmentation fault) if I use a
> search filter with 11714 bytes. I don't know the exact limit, but if the
> search filter is 7814 bytes it works. Maybe a bounds check is missing.
>
> PS: I know, kind of twisted filter %-)
>
> System: Linux Kernel 2.4.9-13
> Distribution: Red Hat Linux release 7.2 (Enigma)
> RPMs: openldap-clients-2.0.21-1; openldap-servers-2.0.21-1;
> openldap-2.0.21-1
>
> best regards,
> Daniel Chabrol
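The failure mode Howard describes is a fixed-size filter buffer of BUFSIZ bytes filled without checking the length of the input. The program below is an added illustration, not OpenLDAP's own ldapsearch.c: it keeps the same BUFSIZ-sized buffer, adds a length check that refuses a filter which does not fit, and shows the alternative of allocating the buffer to the size of the filter instead. The function names (copy_filter_checked, dup_filter, try_search, make_filter) and the generated "(cn=aaa...)" filters are constructed for this example; the two lengths 7814 and 11714 are the ones from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* BUFSIZ comes from stdio.h (8192 on Linux/glibc, as the reply notes);
 * the fallback only matters on a platform that does not define it. */
#ifndef BUFSIZ
#define BUFSIZ 8192
#endif

/* Copy a caller-supplied filter into a fixed-size buffer.
 * Returns 0 on success, -1 if the filter plus its terminating NUL does
 * not fit. The length is checked before a single byte is written, so an
 * oversized filter is rejected instead of overrunning the buffer. */
int copy_filter_checked(char *dst, size_t dstsize, const char *src)
{
    size_t need = strlen(src) + 1;          /* include the NUL */
    if (dstsize == 0 || need > dstsize)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Alternative fix: size the buffer to the input rather than the input to
 * the buffer. Caller frees the result; NULL on allocation failure. */
char *dup_filter(const char *src)
{
    size_t need = strlen(src) + 1;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, need);
    return buf;
}

/* Size of the fixed filter buffer used by try_search() below. */
size_t filter_buffer_size(void)
{
    return (size_t)BUFSIZ;
}

/* Stand-in for the vulnerable routine: a BUFSIZ buffer on the stack, but
 * filled through the checked copy. Returns 0 if the filter was accepted,
 * -1 if it was refused because it would not fit. */
int try_search(const char *filter)
{
    char filtbuf[BUFSIZ];
    if (copy_filter_checked(filtbuf, sizeof filtbuf, filter) != 0)
        return -1;
    /* ... the search would be issued with filtbuf here ... */
    return 0;
}

/* Build a constructed filter of exactly total_len bytes: "(cn=aaa...a)".
 * Returns NULL if total_len is too short to hold "(cn=" and ")". */
char *make_filter(size_t total_len)
{
    const char *prefix = "(cn=";
    size_t plen = strlen(prefix);
    char *f;

    if (total_len < plen + 1)
        return NULL;
    f = malloc(total_len + 1);
    if (f == NULL)
        return NULL;
    memcpy(f, prefix, plen);
    memset(f + plen, 'a', total_len - plen - 1);
    f[total_len - 1] = ')';
    f[total_len] = '\0';
    return f;
}

/* Generate a filter of the given length and run it through try_search().
 * Returns try_search()'s result, or -2 if the filter could not be built. */
int try_search_len(size_t len)
{
    char *f = make_filter(len);
    int rc;
    if (f == NULL)
        return -2;
    rc = try_search(f);
    free(f);
    return rc;
}

int main(void)
{
    /* The two filter sizes from the original report. */
    size_t sizes[] = { 7814, 11714 };
    size_t i;

    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int rc = try_search_len(sizes[i]);
        printf("filter of %lu bytes, buffer of %lu bytes: %s\n",
               (unsigned long)sizes[i], (unsigned long)filter_buffer_size(),
               rc == 0 ? "accepted" : "refused (would not fit)");
    }
    return 0;
}
```

With glibc's BUFSIZ of 8192 the 7814-byte filter is accepted and the 11714-byte one is refused with an error return, which is the behaviour a bounds check gives in place of the segmentation fault; dup_filter() shows the other common fix, where the buffer is allocated to fit the filter and the limit disappears altogether.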