[Date Prev][Date Next]
Re: (ITS#3657) HDB DoS - client can hang slapd server by moving an entry
Thanks for the report, this is now fixed in CVS HEAD.
>Full_Name: Andrea Ciancone
>Submission from: (NULL) (22.214.171.124)
>By moving an entry under itself, using ldap_modrdn2, slapd completely hangs.
>The only solution is to kill -9 slapd.
>As an example, by moving:
> cn=foo,cn=bar into cn=agor,cn=foo,cn=bar
>slapd stops answering queries. I've tryed it several times,
>and I can sistematically reproduce the problem. I use
>Net::LDAP from CPAN, and run something like:
> $ldap->moddn("cn=foo,cn=bar", newrdn => "cn=agor",
> deleteoldrdn => 1, newsuperior => "cn=foo,cn=bar");
>Any client having write access to any slapd server
>using HDB can completely make the server unusable.
>It is even necessary to run db_recover every time
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support