
Re: (ITS#3642) back-dnssrv may cause assertion to fail

As potential DoS attacks are not considered "major security"
issues, I now make this report public.


At 01:00 PM 4/8/2005, ando@sys-net.it wrote:
>Full_Name: Pierangelo Masarati
>Version: HEAD/2.3/2.2
>OS: Linux (whitebox)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>Note: I've marked this as a security issue because it can potentially cause a
>denial of service for those that use DNSSRV.  A quick fix is to disable the
>service; a cleaner solution consists in applying the simple fix I'm indicating
>A sr_ref is not cleared after sending a referral; this for instance may cause
>an assert() to fail in slapd, with subsequent abort().  The problem doesn't
>appear with searches, but may appear with other operations, like compare.
>Moreover, multiple results are being returned, because dnssrv_back_referrals()
>is returning 0 (success) instead of 10 (referral) after correctly processing the
>referral.  This is also occurring with searches.
>A fix is in HEAD:
>i.e. back-dnssrv/referral.c 1.20 -> 1.22
>the very same fix can be applied to 2.2 and 2.3.
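
The two defects described in the report, as a simplified model added here for illustration (not OpenLDAP code and not the committed fix). Only `sr_ref` and the return codes 0 and 10 come from the report; the structure layout, function names, the sender's invariant and the placeholder URL are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#define LDAP_SUCCESS  0
#define LDAP_REFERRAL 10   /* LDAP result code "referral" */

/* Simplified stand-in for slapd's reply structure; only sr_ref is a name
 * taken from the report, the rest of this model is hypothetical. */
struct reply { int sr_err; const char **sr_ref; };
struct outcome { int results_sent; int assert_tripped; };

/* Assumed invariant: only a referral result may carry referral URLs.
 * Where slapd would assert() and abort(), the model records it. */
static void send_result(const struct reply *rs, struct outcome *o) {
    if (rs->sr_err != LDAP_REFERRAL && rs->sr_ref != NULL) {
        o->assert_tripped = 1;
        return;
    }
    o->results_sent++;
}

/* Model referral hook: sends the referral, then cleans up (or not). */
static int referrals_hook(struct reply *rs, struct outcome *o,
                          int clear_ref, int return_referral) {
    static const char *urls[] = { "ldap://placeholder.example/", NULL };
    rs->sr_err = LDAP_REFERRAL;
    rs->sr_ref = urls;
    send_result(rs, o);
    if (clear_ref) rs->sr_ref = NULL;   /* first half of the fix */
    return return_referral ? LDAP_REFERRAL : LDAP_SUCCESS;  /* second half */
}

/* Model frontend for a compare: continues only if the hook returns 0. */
struct outcome handle_compare(int clear_ref, int return_referral) {
    struct reply rs = { LDAP_SUCCESS, NULL };
    struct outcome o = { 0, 0 };
    if (referrals_hook(&rs, &o, clear_ref, return_referral) != LDAP_SUCCESS)
        return o;               /* operation already answered */
    rs.sr_err = LDAP_SUCCESS;   /* model result of the compare itself */
    send_result(&rs, &o);
    return o;
}

int main(void) {
    for (int c = 0; c < 2; c++) for (int r = 0; r < 2; r++) {
        struct outcome o = handle_compare(c, r);
        printf("clear_ref=%d return_referral=%d -> results=%d assert=%d\n",
               c, r, o.results_sent, o.assert_tripped);
    }
    return 0;
}
```

With neither change the second send trips the invariant; clearing `sr_ref` alone avoids that but still sends two results, and only returning 10 as well leaves a single referral response.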