[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dnNormalize2 failed assertion (sasl_regexp?)

> * Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote:
>> Character strings are expected to be NUL ('\0') terminated
>> in OpenLDAP.  When passed in a berval, bv_len should be equal
>> to strlen(bv_val).
> If I follow things correctly the string is coming from SASL, does that
> statement hold over SASL as well?
>> The statement is asserting "Is the berval parameter properly formed?".
>> The bug is in the function which constructed (or mangled) the berval.
> What does that?  From what I can tell it's SASL, or is it in the ldap
> libraries and coming from the client?  Of course, if it's the fault of
> the client then there's some question as to if LDAP should be crashing
> due to this...  DOS possibilities and all that.

Apparently a client is calling slap_sasl_getdn() with a non-zero
terminated string in id and with len set to the appropriate length.
slap_sasl_getdn() was not handling that case in the appropriate
manner, since a DN in a berval MUST be zero-terminated by design
(that's why there's the assertion).  I improved the slap_sasl_getdn()
function to handle this case in the appropriate manner (UNTESTED,
please check because a bug may well have slipped into my fix :).

I assume that since slap_sasl_getdn() design allows the id string
to be non zero-terminated, the bug was in this function.  In any case
it was not in dnNormalize2().


Pierangelo Masarati