Re: (ITS#7582) Access to uninitialized memory when sending cldap packet
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7582) Access to uninitialized memory when sending cldap packet
- From: hyc@symas.com
- Date: Thu, 23 May 2013 19:34:47 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
stefw@redhat.com wrote:
> Full_Name: Stef Walter
> Version: 2.4.35
> OS: Fedora 18
> URL: http://fedorapeople.org/~stefw/patches/openldap-01/0001-Fix-usage-of-uninitialized-memory-when-sending-cldap.patch
> Submission from: (NULL) (77.3.95.123)
>
>
> When sending a cldap (UDP) packet, like a search request, uninitialized memory
> is accessed. This shows up in valgrind like this:
>
> ==31445== Conditional jump or move depends on uninitialised value(s)
> ==31445== at 0x36632244E6: ldap_send_server_request (request.c:377)
> ==31445== by 0x36632247C2: ldap_send_initial_request (request.c:166)
> ==31445== by 0x36632142F8: ldap_pvt_search (search.c:128)
> ==31445== by 0x366321454F: ldap_search_ext (search.c:69)
> ==31445== by 0x400838: main (in /data/projects/openldap/frob-cldap-search)
> ==31445==
>
> This is due to parsing the resulting packet to pull out a requestDN. UDP packets
> have a different BER layout, and therefore the assumptions made when parsing the
> outgoing request are invalid.
>
> It does not seem necessary to track the request DN for UDP packets. The linked
> patch disables this code path for UDP packets.
>
> Patch which fixes the issue:
> http://fedorapeople.org/~stefw/patches/openldap-01/0001-Fix-usage-of-uninitialized-memory-when-sending-cldap.patch
>
> Test code for the issue:
> http://fedorapeople.org/~stefw/patches/openldap-01/frob-cldap-search.c
>
> Note that the test code doesn't detect the issue on its own (or do anything
> useful). Use valgrind to detect the issue:
>
> $ gcc -o frob-cldap-search -Wall -lldap -llber frob-cldap-search.c
> $ valgrind ./frob-cldap-search

Your patch doesn't fix the issue. The behavior under valgrind is unchanged
either way. Seems you're missing a '!' in your test.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/