[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock
From: michael@stroeder.com
Date: Sun, 27 Aug 2017 11:33:36 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Howard Chu wrote:
> michael@stroeder.com wrote:
>> +    /* write out the request to the extended process */
>> +    fprintf( fp, "EXTENDED\n" );
>> +    fprintf( fp, "msgid: %ld\n", (long) op->o_msgid );
>> +    sock_print_conn( fp, op->o_conn, si );
>> +    sock_print_suffixes( fp, op->o_bd );
>> +    fprintf( fp, "oid: %s\n", op->ore_reqoid.bv_val );
>> +  if (op->ore_reqdata) {
>> +        fprintf( fp, "valuelen: %lu\n", op->ore_reqdata->bv_len );
>> +        fprintf( fp, "value: %s\n", op->ore_reqdata->bv_val );
>> +    }
>> +    fprintf( fp, "\n" );
> 
> This isn't safe. The reqdata is binary, not a nul-terminated C string. I suppose you
> could hex or base64-encode it instead.

Frankly I don't understand.

I considered using base64 but I wanted to stick to what's already done in back-sock.

See openldap/servers/slapd/back-sock/bind.c for the password value which is also an
arbitrary OctetString:

	/* write out the request to the bind process */
[..]
	fprintf( fp, "credlen: %lu\n", op->oq_bind.rb_cred.bv_len );
	fprintf( fp, "cred: %s\n", op->oq_bind.rb_cred.bv_val ); /* XXX */
	fprintf( fp, "\n" );

The above should also work with null-bytes, shoudn't it?

Ciao, Michael.

Prev by Date: RE: (ITS#8717) Connection delete callback registreed with LDAP_OPT_CONNECT_CB is not called on TLS failure
Next by Date: Re: (ITS#8714) RFE: Sendout EXTENDED operation message in back-sock
Index(es):
- Chronological
- Thread