
Re: (ITS#3642) back-dnssrv may cause assertion to fail



As potential DoS attacks are not considered "major security"
issues, I now make this report public.

Kurt

At 01:00 PM 4/8/2005, ando@sys-net.it wrote:
>Full_Name: Pierangelo Masarati
>Version: HEAD/2.3/2.2
>OS: Linux (whitebox)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (81.72.89.40)
>
>
>Note: I've marked this as a security issue because it can potentially cause a
>denial of service for those that use DNSSRV.  A quick fix is to disable the
>service; a cleaner solution consists in applying the simple fix I'm indicating
>below.
>
>A sr_ref is not cleared after sending a referral; this for instance may cause
>an assert() to fail in slapd, with subsequent abort().  The problem doesn't
>appear with searches, but may appear with other operations, like compare.
>
>Moreover, multiple results are being returned, because dnssrv_back_referrals()
>is returning 0 (success) instead of 10 (referral) after correctly processing the
>referral.  This is also occurring with searches.
>
>A fix is in HEAD:
>
>i.e. back-dnssrv/referral.c 1.20 -> 1.22
>
>the very same fix can be applied to 2.2 and 2.3.
>
>p.
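
A simplified C model of the two defects described in the report above, added here as an illustration; it is not OpenLDAP code. The struct, the function names, the sample URL and the place where the assertion is checked are all assumptions.

```c
/* Simplified model of the two defects in the report above. Constructed for
 * illustration; not OpenLDAP source, and every name here is hypothetical. */
#include <stdio.h>

#define RC_SUCCESS  0    /* "0 (success)" in the report */
#define RC_REFERRAL 10   /* "10 (referral)" in the report */

struct reply {
    int err;             /* result code of the response being built */
    const char **ref;    /* referral URLs; stands in for sr_ref */
    int sent;            /* results sent to the client so far */
};

static const char *urls[] = { "ldap://host.example/", NULL }; /* constructed */

static void send_result(struct reply *rs, int err) {
    rs->err = err;
    rs->sent++;
}

/* Backend referral hook. clear_ref and rc select buggy or fixed behaviour. */
static int referral_hook(struct reply *rs, int clear_ref, int rc) {
    rs->ref = urls;
    send_result(rs, RC_REFERRAL);
    if (clear_ref)
        rs->ref = NULL;  /* fix 1: do not leave the referral list attached */
    return rc;           /* fix 2: RC_REFERRAL tells the caller to stop */
}

/* Frontend for a compare-like operation. Returns the number of results the
 * client receives, or -1 where the model assumes the assert() would abort. */
static int run_operation(int clear_ref, int rc) {
    struct reply rs = { 0, NULL, 0 };
    if (referral_hook(&rs, clear_ref, rc) != RC_SUCCESS)
        return rs.sent;  /* hook already answered; nothing more to send */
    if (rs.ref != NULL)
        return -1;       /* non-referral result with ref still set */
    send_result(&rs, RC_SUCCESS);
    return rs.sent;
}

int main(void) {
    printf("stale ref, rc 0:    %d\n", run_operation(0, RC_SUCCESS));
    printf("cleared ref, rc 0:  %d\n", run_operation(1, RC_SUCCESS));
    printf("cleared ref, rc 10: %d\n", run_operation(1, RC_REFERRAL));
    return 0;
}
```

Clearing the reference alone removes the abort but still sends two results; returning the referral code as well leaves exactly one.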