
Re: (ITS#7759) Wrong parsing of LDAP message

lslebodn@redhat.com wrote:
> Full_Name: Lukas Slebodnik
> Version: 2.4.38
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/Lukas-Slebodnik-131205.tar.gz
> Submission from: (NULL) (
> We (sssd) have an upstream ticket with a crash.
> https://fedorahosted.org/sssd/ticket/2134
> But after investigation, it was not a problem in sssd, but in the ldap library.
> sssd_be: ../../../libraries/liblber/io.c:108: ber_write: Assertion `buf !=
> ((void *)0)' failed.
> I think that the problem is partially in the user's LDAP server, because the
> server sends a wrong response for user binding with password policy. But on the
> other hand, ldap_parse_result should not return LDAP_SUCCESS if the incoming
> message is malformed, because it was a reason why the 2nd ldap function,
> ldap_parse_passwordpolicy_control, crashed with an abort.

Thanks for the report, but your patch is wrong: it rejects any control with a
NULL value. Not all controls are required to have a value, so your patch would
reject otherwise valid controls.

> The reporter uses an old ldap library on CentOS 6.4, but I was able to
> reproduce it with libraries from the latest version from the git repo (master
> branch).
> I uploaded the tarball Lukas-Slebodnik-131205.tar.gz with a patch and two files
> with client-server communication (hexdump from wireshark): the 1st with password
> policy enabled on the server and the 2nd with PP disabled. The problem occurs
> only with password policy enabled.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
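
The distinction discussed in this thread, as an added example that is not part of either message and is not OpenLDAP code: a generic decoder accepts a control whose value is absent, and the caller that handles one specific control checks for the value before decoding it. Assumptions: `parse_control`, `ppolicy_value_present` and `struct ctrl_view` are hypothetical names, the decoder handles short-form BER lengths only, and the sample bytes are constructed around the password policy response control OID.

```c
#include <stddef.h>
#include <string.h>

/* View of an RFC 4511 Control; value == NULL means controlValue was absent. */
struct ctrl_view { const unsigned char *oid, *value; size_t oid_len, value_len; };

/* Constructed samples: password policy response control without / with a value. */
#define PP_OID "1.3.6.1.4.1.42.2.27.8.5.1"
static const unsigned char NO_VALUE[]   = "\x30\x1b\x04\x19" PP_OID;
static const unsigned char WITH_VALUE[] = "\x30\x1f\x04\x19" PP_OID "\x04\x02\x30\x00";

/* Read one TLV with a short-form length (< 128 bytes); returns 0 on success. */
static int read_tlv(const unsigned char **p, const unsigned char *end,
                    unsigned char *tag, const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1;
    *tag = (*p)[0]; *len = (*p)[1];
    if ((size_t)(end - *p) - 2 < *len) return -1;   /* truncated element */
    *val = *p + 2; *p = *val + *len;
    return 0;
}

/* Control ::= SEQUENCE { controlType, criticality DEFAULT FALSE, controlValue OPTIONAL } */
int parse_control(const unsigned char *buf, size_t n, struct ctrl_view *out)
{
    const unsigned char *p = buf, *end = buf + n, *v;
    unsigned char tag; size_t len;

    memset(out, 0, sizeof *out);
    if (read_tlv(&p, end, &tag, &v, &len) || tag != 0x30) return -1;
    p = v; end = v + len;
    if (read_tlv(&p, end, &tag, &out->oid, &out->oid_len) || tag != 0x04) return -1;
    if (p == end) return 0;                  /* OID only: valid, value stays NULL */
    if (read_tlv(&p, end, &tag, &v, &len)) return -1;
    if (tag == 0x01 && len == 1) {           /* optional BOOLEAN criticality, skipped */
        if (p == end) return 0;
        if (read_tlv(&p, end, &tag, &v, &len)) return -1;
    }
    if (tag != 0x04 || p != end) return -1;  /* anything else is malformed */
    out->value = v; out->value_len = len;
    return 0;
}

/* Caller-side guard: decode a password policy response only if it carries a value. */
int ppolicy_value_present(const struct ctrl_view *c)
{
    return c->oid_len == sizeof PP_OID - 1 && !memcmp(c->oid, PP_OID, c->oid_len)
        && c->value != NULL;
}
```

Both samples decode successfully; only the guard for this one control type treats the missing value as a reason not to decode further.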