
(ITS#3955) libraries/libldap/cyrus.c parse error for minssf/maxssf

Full_Name: Charles Stephens
Version: 2.3.5
OS: RedHat 9 with customizations
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

When sasl-secprops has either minssf or maxssf set, SLAPD start up fails with an
"Invalid security properties" message in the log.  Problem has been traced back
to a parsing bug in libraries/libldap/cyrus.c:

Examining lines 877 and 878 of cyrus.c shows in the sprops array:

        { BER_BVC("minssf="), 0, GOT_MINSSF, 0 },
        { BER_BVC("maxssf="), 0, GOT_MAXSSF, INT_MAX },
        { BER_BVC("maxbufsize="), 0, GOT_MAXBUF, 65536 },

However, in the ldap_pvt_sasl_secprops function at line 986, it checks for the
'=' character at the 

                                if ( props[i][sprops[j].key.bv_len] != '=' )
                                if ( !isdigit( props[i][sprops[j].key.bv_len+1])) continue;
                                v = atoi( props[i]+sprops[j].key.bv_len+1 );

Since it includes the = matching string, it checks one beyond where the = would
be in the configuration string and sees that it is a number and not a =, thus it
returns an error.  So the solution is to remove the ='s from the array.
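
The off-by-one described in this report, reproduced as an added example (a simplified model written for this page, not OpenLDAP's code). The `prop_key` struct, both tables and `parse_numeric_prop` are hypothetical names; the checks mirror the two quoted `if` lines.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one sprops[] entry: key text and its length. */
struct prop_key { const char *key; size_t len; };

/* Keys as quoted in the report (with '=') and as proposed (without). */
static const struct prop_key keys_with_eq[] = {
    { "minssf=", 7 }, { "maxssf=", 7 }, { "maxbufsize=", 11 }, { NULL, 0 } };
static const struct prop_key keys_without_eq[] = {
    { "minssf", 6 }, { "maxssf", 6 }, { "maxbufsize", 10 }, { NULL, 0 } };

/* After matching the key, expect '=' at offset len and a digit at len+1,
 * as in the quoted checks. Returns 0 and stores the value on success,
 * -1 if no table entry accepts the property string. */
int parse_numeric_prop(const struct prop_key *tbl, const char *prop, long *out)
{
    size_t plen = strlen(prop);
    for (size_t j = 0; tbl[j].key != NULL; j++) {
        size_t n = tbl[j].len;
        if (plen < n + 2 || strncmp(prop, tbl[j].key, n) != 0)
            continue;
        if (prop[n] != '=')
            continue;   /* with key "minssf=" this inspects the first digit */
        if (!isdigit((unsigned char)prop[n + 1]))
            continue;
        *out = strtol(prop + n + 1, NULL, 10);
        return 0;
    }
    return -1;          /* the caller would report invalid properties */
}

int main(void)
{
    long v = -1;
    int rc = parse_numeric_prop(keys_with_eq, "minssf=128", &v);
    printf("keys with '=':    rc=%d\n", rc);
    rc = parse_numeric_prop(keys_without_eq, "minssf=128", &v);
    printf("keys without '=': rc=%d value=%ld\n", rc, v);
    return 0;
}
```

In this model the table that embeds `=` accepts only a doubled separator such as `minssf==128`, which is why an ordinary `minssf=128` setting is rejected.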