[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4954) must clear c_sasl_dn after error

Full_Name: Donn Cave
Version: 2.4.4
OS: Red Hat RHEL 3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

After SASL bind failure, c_sasl_dn is not cleared, and eventually causes a crash
when it is encountered in a subsequent bind attempt, in ch_free,
slap_sasl_authorize ca. line 676.  (Depending on platform malloc - NetBSD
complains here but doesn't crash, Linux/glibc may or may not complain but does
corrupt heap and eventually crashes.)

Duplicate:  Attempt SASL PLAIN bind as "" with password "" (for example) to get
SASL "User not found" error.  Then make one or more SASL EXTERNAL binds, until
server crashes - shouldn't take but one or two.  I make a supportSASLMechanisms
search before the PLAIN bind, because that's what our user did when he crashed
our service, but this is probably irrelevant.  I do not specify a bind name in
the EXTERNAL bind.

Fix:  in slap_sasl_bind, ca. line 1713, BER_BVZERO(&op->o_conn->c_sasl_dn) after
bind fails (sc neither SASL_OK nor SASL_CONTINUE)

Problem initially encountered in 2.3.24, also observed in 2.3.21 and 2.4.4.  Fix
tested on 2.3.21 and 2.3.24.