[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8046) query caused slapd to stop

--On Tuesday, February 03, 2015 12:08:36 AM +0000 Howard Chu <hyc@symas.com> wrote:

> whm@stanford.edu wrote:
>> Full_Name: Bill MacAllister
>> Version: 2.4.40
>> OS: Debian Wheezy
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (
>> I have a perl script that uses Net::LDAPapi to report data from our
>> OpenLDAP servers.  I have used the script on an off for years.
>> This morning I created a new report this morning that is causing
>> slapd on the servers to core dump.  When I do the same query using
>> ldapsearch the query returns normally.
> What is the query? The filter code where this occurs hasn't changed
> in 4 years.
> Provide the slapd -d7 output for the query via your script, as well
> as via ldapsearch.

The system exhibiting this problem was running a beta release of
2.4.40.  When I installed from a build of the current stable the
problem disappeared.  Apologies for the bother, I didn't realize
the system had not been updated.

I think that documenting the query would be useful anyway, but I
want to hold off on that because I know the problem exists in the
build that is in debian backports.  I would like to give Ryan a
chance to fix it before I publish it.  I was able to reproduce the
problem with ldapsearch and it is a trival and very effective
denial of service attack.



Bill MacAllister
Systems Programmer, Stanford University