[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3955) libraries/libldap/cyrus.c parse error for minssf/maxssf
Full_Name: Charles Stephens
Version: 2.3.5
OS: RedHat 9 with customizations
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.57.245.11)
When sasl-secprops has either minssf or maxssf set, SLAPD start up fails with an
"Invalid security properties" message in the log. Problem has been traced back
to a parsing bug in libraries/libldap/cyrus.c:
Examining lines 877 and 878 of cyrus.c shows in the sprops array:
{ BER_BVC("minssf="), 0, GOT_MINSSF, 0 },
{ BER_BVC("maxssf="), 0, GOT_MAXSSF, INT_MAX },
{ BER_BVC("maxbufsize="), 0, GOT_MAXBUF, 65536 },
However, in the ldap_pvt_sasl_secprops function at line 986, it checks for the
'=' character at the
if ( props[i][sprops[j].key.bv_len] != '=' )
continue;
if ( !isdigit(
props[i][sprops[j].key.bv_len+1])) continue;
v = atoi( props[i]+sprops[j].key.bv_len+1 );
Since it includes the = matching string, it checks one beyond where the = would
be in the configuration string and sees that it is a number and not a =, thus it
returns an error. So the solution is to remove the ='s from the array.
Enjoy!