[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7694) cldap fails with IPv6 due to wrong size sockaddr

Full_Name: Stef Walter
Version: 2.4.35
OS: Fedora 19
URL: ftp://ftp.openldap.org/incoming/stef-walter-130912.patch
Submission from: (NULL) (

Connectionless LDAP (ie: cldap enabled with -DLDAP_CONNECTIONLESS) is broken for
IPv6 for current versions of openldap. Tested with version 2.4.35

It's not clear if this ever worked properly.

Connections immediately fail with:

ldap_search_ext: Can't contact LDAP server (-1)

The reason for this is that the LDAP_CONNECTIONLESS buffers include a prefix
containing an address in a "struct sockaddr". However, struct sockaddr, is not a
concrete type. In particular struct sockaddr_in6 is longer than struct

Noted here: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/liblber/sockbuf.c;h=d997e92910954b943e5b3fe7139ff4caaeaf49bf;hb=HEAD#l886

So this leads to failures when using IPv6 as the code assumes that the address
length is equal to sizeof (struct sockaddr). Seen here:


Example command:

$ ldapsearch -d -1 -LL -H 'cldap://[2620:52:0:2223::1:1]' -b '' -s base
'(&(DnsDomain=ad.baseos.qe)(NtVer=\06\00\00\00))' NetLogon

Output will contain this:

ldap_write: want=96 error=Invalid argument

Which is the EINVAL resulting from bad value passed to sendto().