Re: (ITS#7759) Wrong parsing of LDAP message
lslebodn@redhat.com wrote:
> Full_Name: Lukas Slebodnik
> Version: 2.4.38
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/Lukas-Slebodnik-131205.tar.gz
> Submission from: (NULL) (209.132.186.34)
>
>
> We (sssd) have an upstream ticket with a crash.
> https://fedorahosted.org/sssd/ticket/2134
> But after investigation, it was not a problem in sssd, but in the ldap library.
>
> sssd_be: ../../../libraries/liblber/io.c:108: ber_write: Assertion `buf !=
> ((void *)0)' failed.
>
> I think that the problem is partially in the user's LDAP server, because the server sends a wrong
> response for user binding with password policy. But on the other hand,
> ldap_parse_result should not return LDAP_SUCCESS if the incoming message is
> malformed, because that was the reason why the 2nd ldap function,
> ldap_parse_passwordpolicy_control, crashed with an abort.
Thanks for the report, but your patch is wrong, it rejects any control with a
NULL value. Not all controls are required to have a value, so your patch would
reject otherwise valid controls.
> The reporter uses an old ldap library on CentOS 6.4, but I was able to reproduce with
> libraries from the latest version from the git repo (master branch)
>
> I uploaded tarball Lukas-Slebodnik-131205.tar.gz with patch and two files with
> client-server communication (hexdump from wireshark). 1st with enabled password
> policy on server and 2nd with disabled PP. Problem occurs only with enabled
> password policy.
>
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
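
An added example, not part of this thread and not OpenLDAP code: a caller-side check that rejects a password policy response control with a missing or malformed value while still accepting other controls that carry no value, which is the distinction made in the reply above. The structs are local stand-ins for libldap's struct berval and LDAPControl, the sample bytes and the second OID are constructed, and the check assumes the password policy response value is a single BER SEQUENCE.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins mirroring the relevant fields of struct berval / LDAPControl. */
struct bv { size_t bv_len; const unsigned char *bv_val; };
struct ctrl { const char *oid; struct bv value; };

#define PPOLICY_RESPONSE_OID "1.3.6.1.4.1.42.2.27.8.5.1"
enum { CTRL_OK = 0, CTRL_MISSING_VALUE = -1, CTRL_BAD_BER = -2 };

/* True if v holds exactly one BER SEQUENCE whose definite length fits the buffer. */
static int is_single_sequence(const struct bv *v)
{
    size_t i = 2, len, n;
    if (v->bv_len < 2 || v->bv_val[0] != 0x30) return 0;
    len = v->bv_val[1];
    if (len & 0x80) {                 /* long form: low 7 bits count the length octets */
        n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || v->bv_len < 2 + n) return 0;
        for (len = 0; n > 0; n--) len = (len << 8) | v->bv_val[i++];
    }
    return len == v->bv_len - i;      /* declared length must match what was received */
}

/* Validate one response control before handing it to a decoder. */
int check_control(const struct ctrl *c)
{
    if (strcmp(c->oid, PPOLICY_RESPONSE_OID) != 0)
        return CTRL_OK;               /* other controls may legitimately have no value */
    if (c->value.bv_val == NULL)
        return CTRL_MISSING_VALUE;    /* reject here instead of passing NULL to a decoder */
    return is_single_sequence(&c->value) ? CTRL_OK : CTRL_BAD_BER;
}

/* Constructed samples (not taken from the reporter's capture). */
static const unsigned char ok_val[]    = { 0x30, 0x03, 0x81, 0x01, 0x00 };
static const unsigned char short_val[] = { 0x30, 0x05, 0x81, 0x01 };
const struct ctrl sample_ok      = { PPOLICY_RESPONSE_OID, { sizeof ok_val, ok_val } };
const struct ctrl sample_novalue = { PPOLICY_RESPONSE_OID, { 0, NULL } };
const struct ctrl sample_trunc   = { PPOLICY_RESPONSE_OID, { sizeof short_val, short_val } };
const struct ctrl sample_other   = { "1.3.6.1.4.1.99999.1", { 0, NULL } }; /* made-up OID */

int main(void)
{
    printf("%d %d %d %d\n", check_control(&sample_ok), check_control(&sample_novalue),
           check_control(&sample_trunc), check_control(&sample_other));
    return 0;
}
```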