[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7759) Wrong parsing of LDAP message

Full_Name: Lukas Slebodnik
Version: 2.4.38
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/Lukas-Slebodnik-131205.tar.gz
Submission from: (NULL) (

We(sssd) have an upstream ticket with crash.
But after investigation, it was not problem in sssd, but in ldap library.

sssd_be: ../../../libraries/liblber/io.c:108: ber_write: Assertion `buf !=
((void *)0)' failed.

I think that problem is partially in user LDAP server, because server send wrong
response for user binding with password policy. But on the other hand
ldap_parse_result should not return LDAP_SUCCESS if incoming message is
malformed, because it was a reason why 2nd ldap function
ldap_parse_passwordpolicy_control crashed with abort.

Reporter uses old ldap library on Centos 6.4, but I was able to reproduce with
libraries from the latest version from git repo(master branch)

I uploaded tarball Lukas-Slebodnik-131205.tar.gz with patch and two files with
client-server communication (hexdump from wireshark). 1st with enabled password
policy on server and 2nd with disabled PP. Problem occurs only with enabled
password policy.