
slapd dies on particular search (ITS#2278)

Full_Name: Stephane LE COZ
Version: 2.0.11 2.0.27
OS: Solaris 8
Submission from: (NULL) (

I have been running two 2.0.11 openldap servers (master/slave configuration) on
Solaris 8 for about 1 year. The directory contains about 60000 entries and had
no issues at all.

One week ago, my two slapd suddenly died for no particular reason. I just
restarted them and everything came back to normal operation.
During the last week, we faced some new crashes and it was finally impossible to
keep them working for more than 5 min.
Turning on debugging didn't help because slapd died before it could print the
search filter content.

After quite a long investigation, I found out this issue:
If an ldapsearch uses some (at least one) special characters in the filter
pattern, the slapd dies...
This issue affects the 2.0.11 openldap server (did not try on 2.1.xx yet) and is
confirmed on 2.0.27.

Example : ldapsearch -b "ou=accounts, o=mydomain, c=cfr" "(uid=? Mes images ?)"

Using hex codes for special characters (%xx), the pattern is :

Temporarily solved the issue using some filters preventing special characters.
This issue could potentially result in DoS.

Best regards.
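
A front-end guard of the kind the workaround in the report describes, as an added example that is not part of the original message or of OpenLDAP: it rejects a search filter when any byte outside printable ASCII would reach the server, including bytes written as RFC 4515 `\xx` escapes, which the server decodes back to the raw byte. The allow-list, the function names and the sample filters are assumptions; the report does not show the actual bytes that triggered the crash.

```python
import re

# Assumed policy: only printable ASCII bytes may reach the directory server.
ALLOWED_BYTES = frozenset(range(0x20, 0x7F))

# RFC 4515 escape: a backslash followed by exactly two hex digits.
_ESCAPE = re.compile(rb"\\([0-9A-Fa-f]{2})")
_BAD_ESCAPE = re.compile(rb"\\(?![0-9A-Fa-f]{2})")


def decode_escapes(raw: bytes) -> bytes:
    """Return the bytes the server sees after decoding \\xx escapes."""
    if _BAD_ESCAPE.search(raw):
        raise ValueError("backslash not followed by two hex digits")
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def filter_is_safe(filter_str: str) -> bool:
    """True only if the filter, as typed and as decoded, stays in the allow-list.

    Checking the decoded form matters: escaping changes only the string
    representation, so an escaped byte still arrives at the server as the
    raw byte and must be judged by the same rule.
    """
    raw = filter_str.encode("utf-8")
    try:
        decoded = decode_escapes(raw)
    except ValueError:
        return False  # malformed filters are refused, not repaired
    return all(b in ALLOWED_BYTES for b in raw + decoded)


if __name__ == "__main__":
    # Constructed sample filters, not the values from the report.
    samples = [
        "(uid=jdoe)",                         # plain ASCII
        "(uid=\u00e9 Mes images \u00e9)",     # raw non-ASCII characters
        "(uid=\\e9 Mes images \\e9)",         # same byte, written as an escape
        "(uid=a\\2ab)",                       # escaped '*', still printable
        "(uid=a\\zz)",                        # malformed escape
    ]
    for s in samples:
        print("forward" if filter_is_safe(s) else "reject ", repr(s))
```
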