
Re: (ITS#7194) tlso_session_chkhost issue for OpenSSL TLS



dimosthenis.pettas@nsn.com wrote:
> Full_Name: Dimosthenis Pettas
> Version: 2.4.23
> OS: SOLARIS
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (62.159.77.167)

Thanks for the report, fixed in git master.
>
> I use OpenLDAP version 2.4.23 client to connect via TLS to an LDAP
> server (slapd).
> I initialize connection with an IPV6 address using url
> ldap://[fd00:1111:1111:72:20c:29ff:fec5:4ade]:389 and then try to extend
> connection to TLS with calling ldap_start_tls_s. When trying to match
> client-server certificates hosts inside tlso_session_chkhost in tls_o.c we try
> to determine client host type (IS_DNS,IS_IP4,IS_IP6) but for IPV6 it expects to
> find "[" at first position and "]" at last one to determine IPV6 address:
>
> #ifdef LDAP_PF_INET6
> 	if (name[0] == '[' && strchr(name, ']')) {
> 		char *n2 = ldap_strdup(name+1);
> 		*strchr(n2, ']') = 0;
> 		if (inet_pton(AF_INET6, n2, &addr))
> 			ntype = IS_IP6;
> 		LDAP_FREE(n2);
> 	} else
>
> but it seems that [] have been removed inside ldap_url_parse_ext in Url.c:
>
>
> 	/* If [ip address]:port syntax, url is [ip and we skip the [ */
> 	ludp->lud_host = LDAP_STRDUP( url + is_v6 );
>
> So name is not [fd00:1111:1111:72:20c:29ff:fec5:4ade] but
> fd00:1111:1111:72:20c:29ff:fec5:4ade and code above fails to determine ntype =
> IS_IP6.
>
> I modified code to:
>
> #ifdef LDAP_PF_INET6
>
> 	if (inet_pton(AF_INET6, name, &addr))
> 	{
> 		ntype = IS_IP6;
>
> 	} else
> #endif
> 	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
> 		if (inet_aton(name, (struct in_addr *)&addr))
> 		{
> 			ntype = IS_IP4;
>
> 		}
> 	}
>
> Letting functions inet_pton and inet_aton determine IP type. Scenario worked.
> Let me know if I miss anything or this should be corrected.
>
> Sorry for submitting again, I wanted to correct email address
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
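
The host-type classification discussed in this thread, as an added stand-alone C example (not the OpenLDAP source and not the fix committed to git master). The `host_type` enum and `classify_host` function are hypothetical names; `IS_DNS`/`IS_IP4`/`IS_IP6` mirror the constants quoted above, and `inet_pton(AF_INET, ...)` is used here in place of the `inet_aton` call in the report.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constant names mirror the report; the enum and function are hypothetical. */
enum host_type { IS_DNS, IS_IP4, IS_IP6 };

/* Classify the host part of an LDAP URL so a certificate host check can
 * compare against the right name type (IP address vs. DNS name). */
enum host_type classify_host(const char *name)
{
    unsigned char addr[sizeof(struct in6_addr)];
    char buf[INET6_ADDRSTRLEN];
    size_t len;

    if (name == NULL || *name == '\0')
        return IS_DNS;
    len = strlen(name);

    /* Accept "[addr]" too: strip brackets only when they enclose the whole string. */
    if (name[0] == '[' && len >= 2 && name[len - 1] == ']') {
        if (len - 2 >= sizeof(buf))
            return IS_DNS;              /* too long to be an IPv6 literal */
        memcpy(buf, name + 1, len - 2);
        buf[len - 2] = '\0';
        name = buf;
    }

    /* inet_pton returns 1 only on success; 0 (bad text) and -1 (bad family)
     * must both be treated as "not an address". */
    if (inet_pton(AF_INET6, name, addr) == 1)
        return IS_IP6;
    if (inet_pton(AF_INET, name, addr) == 1)   /* strict dotted quad only */
        return IS_IP4;
    return IS_DNS;
}

int main(void)
{
    /* Constructed sample inputs: stripped and bracketed IPv6, IPv4, DNS. */
    static const char *labels[] = { "IS_DNS", "IS_IP4", "IS_IP6" };
    const char *samples[] = {
        "fd00:1111:1111:72:20c:29ff:fec5:4ade",
        "[fd00:1111:1111:72:20c:29ff:fec5:4ade]",
        "192.0.2.10", "ldap.example.com", "1.2.3"
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-42s %s\n", samples[i], labels[classify_host(samples[i])]);
    return 0;
}
```
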