[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4955) v3 referrals problem in libldap/request.c



Full_Name: Steve
Version: 2.3.35
OS: Windows 2003
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (15.227.217.75)



There is a potential hang in the libldap/request.c code for chasing v3
referrals.

I've narrowed down the scope of this issue to libldap/request.c in the function
ldap_chase_v3referrals, specifically the loop after find_connection where it
tries to see if the DN was already requested on that connection. (This is all
around line 889)

>From an outsider's perspective it seems like a really trivial bug was introduced
into this loop in how it deals with the 'lp' variable. 

if ( lp == origreq ) {
	lp = lp->lr_child;
} else {
	lp = lr->lr_refnext;
}

... The variable lr does not change in this loop at all, it seems like a mistake
to use it here as a condition on the loops flow. To me, it would seem like they
meant to use something more like this which is a traditional linked list tree
enumeration.

if ( lp == origreq ) {
	lp = lp->lr_child;
} else {
	lp = lp->lr_refnext;
}

I've tested this particular situation and it seems to eliviate the issue I was
experiencing where it was chasing referrals from AD and never finishing this
part of the function.

I hope this helps others and or can be applied to the latest source code.