Re: (ITS#9123) Unauthenticated remote denial-of-service
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#9123) Unauthenticated remote denial-of-service
- From: hyc@symas.com
- Date: Thu, 28 Nov 2019 14:55:07 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Resending with the non-printable chars omitted:
Howard Chu wrote:
> Thanks, but your trace clearly shows that this is a fault in Cyrus SASL, you should be reporting
> this issue to them.
>
> valgrind confirms it as well:
>
> 5ddfddde do_bind: dn () SASL mech <garbage>
> 5ddfddde ==> sasl_bind: dn="" mech=<garbage>
> datalen=0
> ==11019== Thread 3:
> ==11019== Invalid write of size 1
> ==11019== at 0x4B9B1DB: sasl_seterror (seterror.c:247)
> ==11019== by 0x4B9A18D: sasl_server_start (server.c:1418)
> ==11019== by 0x26B88B: slap_sasl_bind (sasl.c:1666)
> ==11019== by 0x21E130: fe_op_bind (bind.c:279)
> ==11019== by 0x21DCE1: do_bind (bind.c:205)
> ==11019== by 0x1F35BA: connection_operation (connection.c:1185)
> ==11019== by 0x1F3CE7: connection_read_thread (connection.c:1342)
> ==11019== by 0x35DFF9: ldap_int_thread_pool_wrapper (tpool.c:1048)
> ==11019== by 0x4DBE668: start_thread (pthread_create.c:479)
> ==11019== by 0x4EFA322: clone (clone.S:95)
> ==11019== Address 0x62032a8 is 0 bytes after a block of size 600 alloc'd
> ==11019== at 0x483CFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==11019== by 0x4B930A4: _buf_alloc (common.c:2186)
> ==11019== by 0x4B93299: _sasl_add_string (common.c:196)
> ==11019== by 0x4B9B2D4: sasl_seterror (seterror.c:187)
> ==11019== by 0x4B9A18D: sasl_server_start (server.c:1418)
> ==11019== by 0x26B88B: slap_sasl_bind (sasl.c:1666)
> ==11019== by 0x21E130: fe_op_bind (bind.c:279)
> ==11019== by 0x21DCE1: do_bind (bind.c:205)
> ==11019== by 0x1F35BA: connection_operation (connection.c:1185)
> ==11019== by 0x1F3CE7: connection_read_thread (connection.c:1342)
> ==11019== by 0x35DFF9: ldap_int_thread_pool_wrapper (tpool.c:1048)
> ==11019== by 0x4DBE668: start_thread (pthread_create.c:479)
> ==11019==
> ==11019== Invalid read of size 1
> ==11019== at 0x483DF54: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==11019== by 0x4E53DE4: __vfprintf_internal (vfprintf-internal.c:1688)
> ==11019== by 0x4E67029: __vsnprintf_internal (vsnprintf.c:114)
> ==11019== by 0x3A1FFA: lutil_debug (debug.c:74)
> ==11019== by 0x266FF3: slap_sasl_log (sasl.c:146)
> ==11019== by 0x4B9B4CF: sasl_seterror (seterror.c:260)
> ==11019== by 0x4B9A18D: sasl_server_start (server.c:1418)
> ==11019== by 0x26B88B: slap_sasl_bind (sasl.c:1666)
> ==11019== by 0x21E130: fe_op_bind (bind.c:279)
> ==11019== by 0x21DCE1: do_bind (bind.c:205)
> ==11019== by 0x1F35BA: connection_operation (connection.c:1185)
> ==11019== by 0x1F3CE7: connection_read_thread (connection.c:1342)
> ==11019== Address 0x62032a8 is 0 bytes after a block of size 600 alloc'd
> ==11019== at 0x483CFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==11019== by 0x4B930A4: _buf_alloc (common.c:2186)
> ==11019== by 0x4B93299: _sasl_add_string (common.c:196)
> ==11019== by 0x4B9B2D4: sasl_seterror (seterror.c:187)
> ==11019== by 0x4B9A18D: sasl_server_start (server.c:1418)
> ==11019== by 0x26B88B: slap_sasl_bind (sasl.c:1666)
> ==11019== by 0x21E130: fe_op_bind (bind.c:279)
> ==11019== by 0x21DCE1: do_bind (bind.c:205)
> ==11019== by 0x1F35BA: connection_operation (connection.c:1185)
> ==11019== by 0x1F3CE7: connection_read_thread (connection.c:1342)
> ==11019== by 0x35DFF9: ldap_int_thread_pool_wrapper (tpool.c:1048)
> ==11019== by 0x4DBE668: start_thread (pthread_create.c:479)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
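
One way to read the quoted memcheck output mechanically, as an added example that is not part of the original message nor OpenLDAP or Cyrus SASL code: for each error, find the innermost function on the faulting stack that also appears on the stack that allocated the block. The sample is the quoted trace trimmed to the relevant frames, and `parse` and `owner` are hypothetical names.

```python
import re

# Constructed sample: both error records from the quoted trace, trimmed to the frames used here.
TRACE = """\
==11019== Invalid write of size 1
==11019== at 0x4B9B1DB: sasl_seterror (seterror.c:247)
==11019== by 0x4B9A18D: sasl_server_start (server.c:1418)
==11019== by 0x26B88B: slap_sasl_bind (sasl.c:1666)
==11019== Address 0x62032a8 is 0 bytes after a block of size 600 alloc'd
==11019== at 0x483CFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==11019== by 0x4B930A4: _buf_alloc (common.c:2186)
==11019== by 0x4B9B2D4: sasl_seterror (seterror.c:187)
==11019== Invalid read of size 1
==11019== at 0x483DF54: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==11019== by 0x3A1FFA: lutil_debug (debug.c:74)
==11019== by 0x266FF3: slap_sasl_log (sasl.c:146)
==11019== by 0x4B9B4CF: sasl_seterror (seterror.c:260)
==11019== Address 0x62032a8 is 0 bytes after a block of size 600 alloc'd
==11019== at 0x483CFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==11019== by 0x4B930A4: _buf_alloc (common.c:2186)
==11019== by 0x4B9B2D4: sasl_seterror (seterror.c:187)
"""

ERROR = re.compile(r"==\d+==\s+(Invalid (?:read|write) of size \d+)")
ADDR = re.compile(r"==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes (\w+) a block of size (\d+)")
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)")

def parse(trace):
    """Split memcheck output into errors, each with an access and an alloc stack."""
    errors, stack = [], None
    for line in trace.splitlines():
        if m := ERROR.match(line):
            errors.append({"kind": m[1], "access": [], "alloc": []})
            stack = errors[-1]["access"]
        elif errors and (m := ADDR.match(line)):
            errors[-1].update(offset=int(m[1]), side=m[2], block=int(m[3]))
            stack = errors[-1]["alloc"]
        elif errors and (m := FRAME.match(line)):
            stack.append((m[1], m[2]))  # (function, source location)
    return errors

def owner(err):
    """Innermost frame on the faulting path whose function also allocated the block."""
    allocators = {fn for fn, _ in err["alloc"]}
    return next((f for f in err["access"] if f[0] in allocators), None)

if __name__ == "__main__":
    for e in parse(TRACE):
        print(e["kind"], "|", e["offset"], "bytes", e["side"], e["block"], "byte block |", owner(e))
```

Both records resolve to `sasl_seterror`: the block is allocated from seterror.c:187 and the faulting accesses come from seterror.c:247 and, through the log callback, seterror.c:260.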