[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8820) ldap_get_attribute_ber() return NULL pointer while OK

To: openldap-its@OpenLDAP.org
Subject: (ITS#8820) ldap_get_attribute_ber() return NULL pointer while OK
From: daniel@haxx.se
Date: Sat, 17 Mar 2018 22:46:09 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Daniel Stenberg
Version: any
OS: Linux
URL: 
Submission from: (NULL) (178.174.211.173)


The function ldap_get_attribute_ber() is called to get attributes, but it turns
out that it can return LDAP_SUCCESS and still return a NULL pointer in the
result pointer when getting a particularly crafted response.

This was a surprise to us and to curl, as this caused us a security
vulnerability. See https://curl.haxx.se/docs/adv_2018-97a2.html

1. There's no man page nor online resource to read the docs for this function so
its really hard to figure out this fact.

2. This behavior is surprising, and this flaw was even written by someone very
familiar with OpenLDAP, indicating it is unintended or at least not the normal
path.

3. Due to the above two points, I believe there's a risk curl is not the only
application in the world that had this bad assumption and thus this might be a
lurking security issue in more projects.

 / Daniel

Prev by Date: Re: (ITS#8819) LMDB seg fault with MDB_DUPSORT on -O3
Next by Date: Re: (ITS#8820) ldap_get_attribute_ber() return NULL pointer while OK
Index(es):
- Chronological
- Thread