
Re: (ITS#6828) TLS fails to start when LDAP_OPT_CONNECT_ASYNC is used



Ian Puleston wrote:
> There is something missing from the fix. I just had a problem where an
> asynchronous connect was failing and the result was continuous looping with
> repeated calls to ldap_sasl_bind.
>
> The problem is that if the connect fails, ldap_int_poll called from
> ldap_int_check_async_open gets an error and returns -1, and then -1 is
> returned up the stack ldap_int_check_async_open -> ldap_send_initial_request
> -> ldap_sasl_bind. But when ldap_sasl_bind gets that -1 return from
> ldap_send_initial_request it returns ld->ld_errno, and nowhere have we set
> that. In fact, ld->ld_errno still contains LDAP_X_CONNECTING from when the
> initial connect was issued, and so ldap_sasl_bind returns LDAP_X_CONNECTING,
> and that is what leads to the infinite looping that I see.

Thanks for the analysis and fix. Now patched in master. In the future please 
send actual diffs, as noted http://www.openldap.org/devel/contributing.html

> What is missing is that in ldap_int_check_async_open this:
>
>          default:
>                  return -1;
>
> Should be changed to:
>
>          default:
>                  ld->ld_errno = LDAP_CONNECT_ERROR;
>                  return -1;
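
Review bot: the new `ld->ld_errno = LDAP_CONNECT_ERROR;` line in the `default:` branch should carry a short comment saying why it is there: without it ld_errno still holds LDAP_X_CONNECTING from the initial connect, and ldap_sasl_bind reports the failed connect as still in progress. Only the `default:` branch is quoted here, so it is also worth confirming that no other `return -1` path in ldap_int_check_async_open leaves ld_errno unset in the same way.
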
>
> Ian

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
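
The failure mode discussed in this thread, as an added example that is not OpenLDAP code and not part of either message: a small C model of the call chain showing how the stale LDAP_X_CONNECTING value keeps a retrying caller spinning, and how setting the error in the `default:` branch ends the loop after one call. The `model_*` names, the `M_*` values, the `patched` flag and the `max_calls` cap are all assumptions made for this sketch.

```c
#include <stdio.h>

/* Result codes named after the thread's constants; values are local to this sketch. */
enum { M_SUCCESS = 0, M_CONNECT_ERROR = -11, M_X_CONNECTING = -18 };

/* Stand-in for the LDAP handle: only the field the thread discusses. */
struct model_ld {
    int ld_errno;
    int patched;   /* 1 = default: branch sets ld_errno before returning -1 */
};

/* Models ldap_int_check_async_open when the poll reports a failed connect. */
static int model_check_async_open(struct model_ld *ld)
{
    if (ld->patched)
        ld->ld_errno = M_CONNECT_ERROR;   /* the one-line fix from the thread */
    return -1;
}

/* Models ldap_sasl_bind: on -1 from the lower layer it hands back ld_errno. */
static int model_bind(struct model_ld *ld)
{
    if (model_check_async_open(ld) == -1)
        return ld->ld_errno;
    return M_SUCCESS;
}

/* Caller that retries while the library reports "connecting".
 * max_calls is a caller-side safeguard (assumption, not from the thread). */
static int retry_bind(int patched, int max_calls, int *final_rc)
{
    struct model_ld ld = { M_X_CONNECTING, patched };  /* left by the async connect */
    int calls = 0;
    do {
        *final_rc = model_bind(&ld);
        calls++;
    } while (*final_rc == M_X_CONNECTING && calls < max_calls);
    return calls;
}

int main(void)
{
    int rc;
    int n = retry_bind(0, 1000, &rc);
    printf("unpatched: %d calls, rc=%d\n", n, rc);
    n = retry_bind(1, 1000, &rc);
    printf("patched:   %d calls, rc=%d\n", n, rc);
    return 0;
}
```

In the unpatched run only the cap stops the loop; a caller without one spins indefinitely on a connection that has already failed.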