[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8046) query caused slapd to stop

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8046) query caused slapd to stop
From: whm@stanford.edu
Date: Tue, 03 Feb 2015 10:15:42 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

--On Tuesday, February 03, 2015 12:08:36 AM +0000 Howard Chu <hyc@symas.com> wrote:

> whm@stanford.edu wrote:
>> Full_Name: Bill MacAllister
>> Version: 2.4.40
>> OS: Debian Wheezy
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (171.64.19.165)
>>
>> I have a perl script that uses Net::LDAPapi to report data from our
>> OpenLDAP servers.  I have used the script on an off for years.
>> This morning I created a new report this morning that is causing
>> slapd on the servers to core dump.  When I do the same query using
>> ldapsearch the query returns normally.
>
> What is the query? The filter code where this occurs hasn't changed
> in 4 years.
>
> Provide the slapd -d7 output for the query via your script, as well
> as via ldapsearch.

The system exhibiting this problem was running a beta release of
2.4.40.  When I installed from a build of the current stable the
problem disappeared.  Apologies for the bother, I didn't realize
the system had not been updated.

I think that documenting the query would be useful anyway, but I
want to hold off on that because I know the problem exists in the
build that is in debian backports.  I would like to give Ryan a
chance to fix it before I publish it.  I was able to reproduce the
problem with ldapsearch and it is a trival and very effective
denial of service attack.

Bill

-- 

Bill MacAllister
Systems Programmer, Stanford University

Prev by Date: Re: (ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL
Next by Date: (ITS#8048) back-sock/slapo-sock issue
Index(es):
- Chronological
- Thread