Re: (ITS#9175) ldapsearch segfault




FOUND THE ISSUE!  So - in GDB, while paused in the "{mM}" processing that
ber_scanf does (called from ldap_get_attribute_ber), I kept seeing the
variable arguments list not properly setting off --- and sure enough,
digging in memory, on the stack was 0x100000000 ...  which was the cause of
the eventual segfault.

Well, backtracking to the ber_scanf call itself, I see a zero 0 which isn't
cast to the ber_len_t type, and as such, will only occupy 4 bytes as a
sizeof int - instead of (on my system) 8, for sizeof (ber_len_t).  So -
the solution was just to cast the argument.  So that the cookie.off =
va_arg( ap, ber_len_t ); will unpack only bytes we've intentionally sent it
-- not garbage left over.

So - the change suggested is:


diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c
index 31784d765..0300ea574 100644
--- a/libraries/libldap/getattr.c
+++ b/libraries/libldap/getattr.c
@@ -147,7 +147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry, BerElement *ber,

                /* skip sequence, snarf attribute type */
                tag = ber_scanf( ber, vals ? "{mM}" : "{mx}", attr, vals,
-                       &siz, 0 );
+                       &siz, (ber_len_t)0 );
                if( tag == LBER_ERROR ) {
                        rc = ld->ld_errno = LDAP_DECODING_ERROR;
                }

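Review bot: the cast on the `+                       &siz, (ber_len_t)0 );` line is the right fix, but the reason deserves a one-line comment next to it: a variadic callee has no type information, so a bare `0` is passed as `int`, while the `M` handling in ber_scanf does `va_arg( ap, ber_len_t )` and reads sizeof(ber_len_t) bytes, of which only sizeof(int) were ever written; on the 64-bit system described above the remaining bytes are whatever the slot last held. Without that comment a later cleanup could drop the apparently redundant cast and reintroduce the crash. It is also worth checking the other ber_scanf call sites that pass literal integers to specifiers consuming a `ber_len_t`, since each one is the same latent defect rather than something specific to getattr.c.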

I hope you can take this haphazard issue submission, and do whatever is right
with it - to get this patch considered.  Thanks!



On Fri, Feb 21, 2020 at 1:06 PM Lexi Haley <lhaley@meditech.com> wrote:

> continuing notes - as I am quite accustomed to working with the data
> structures and processes for LDAP - my hacky fudge was just that - and also
> useless.  By bailing out at that point, ldapsearch doesn't list the
> tag=value results.  I am continuing to dig around ...
>
> Lexi
>
> On Thu, Feb 20, 2020 at 3:09 PM <openldap-its@openldap.org> wrote:
>
>>
>> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>>
>> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
>> report has been assigned the tracking number ITS#9175.
>>
>> One of our support engineers will look at your report in due course.
>> Note that this may take some time because our support engineers
>> are volunteers.  They only work on OpenLDAP when they have spare
>> time.
>>
>> If you need to provide additional information in regards to your
>> issue report, you may do so by replying to this message.  Note that
>> any mail sent to openldap-its@openldap.org with (ITS#9175)
>> in the subject will automatically be attached to the issue report.
>>
>>         mailto:openldap-its@openldap.org?subject=(ITS#9175)
>>
>> You may follow the progress of this report by loading the following
>> URL in a web browser:
>>     http://www.OpenLDAP.org/its/index.cgi?findid=9175
>>
>> Please remember to retain your issue tracking number (ITS#9175)
>> on any further messages you send to us regarding this report.  If
>> you don't then you'll just waste our time and yours because we
>> won't be able to properly track the report.
>>
>> Please note that the Issue Tracking System is not intended to
>> be used to seek help in the proper use of OpenLDAP Software.
>> Such requests will be closed.
>>
>> OpenLDAP Software is user supported.
>>         http://www.OpenLDAP.org/support/
>>
>> --------------
>> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>>
>>
>
> --
>
> Lexi Haley (she/her/hers)
>
> Computer Scientist, System Tools, Advanced Technology Division
>
> Medical Information Technology, Inc.
>
> Office: 781-774-5156 | Mobile: 508-713-2499
>
> lhaley@meditech.com
>
> MEDITECH Circle, Westwood, MA 02090
>
> Main: 781-821-3000 | Fax: 781-821-2199
>


-- 

Lexi Haley (she/her/hers)

Computer Scientist, System Tools, Advanced Technology Division

Medical Information Technology, Inc.

Office: 781-774-5156 | Mobile: 508-713-2499

lhaley@meditech.com

MEDITECH Circle, Westwood, MA 02090

Main: 781-821-3000 | Fax: 781-821-2199

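An added illustration of the mechanism behind the 0x100000000 seen on the stack (this is not OpenLDAP code and not the reporter's): a mis-typed va_arg read is undefined behaviour and cannot be demonstrated reliably, so the argument slot is modelled explicitly with memcpy. `len_model_t` stands in for ber_len_t at the 8-byte width the report describes, and the stale slot contents are a constructed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for ber_len_t, which the report says is 8 bytes on the
 * affected system; uint64_t pins that width on any platform. */
typedef uint64_t len_model_t;

/* Model of one variadic argument slot of sizeof(len_model_t) bytes.
 * `stale` is whatever the slot held before the call; the caller copies
 * `arg_bytes` bytes of `arg` into it; the callee then reads the whole
 * slot, which is what va_arg(ap, ber_len_t) does inside ber_scanf. */
static len_model_t read_slot(uint64_t stale, const void *arg, size_t arg_bytes)
{
    unsigned char slot[sizeof(len_model_t)];
    len_model_t got;

    memcpy(slot, &stale, sizeof slot);   /* leftover data from earlier calls */
    memcpy(slot, arg, arg_bytes);        /* caller stores only its own argument */
    memcpy(&got, slot, sizeof got);      /* callee reads the full width */
    return got;
}

/* The pre-patch call `&siz, 0`: the literal travels as int, so only
 * sizeof(int) bytes of the slot are overwritten. */
len_model_t off_from_int_zero(uint64_t stale)
{
    int zero = 0;
    return read_slot(stale, &zero, sizeof zero);
}

/* The patched call `&siz, (ber_len_t)0`: the whole slot is overwritten. */
len_model_t off_from_cast_zero(uint64_t stale)
{
    len_model_t zero = 0;
    return read_slot(stale, &zero, sizeof zero);
}

int main(void)
{
    /* Constructed stale contents: a set bit in each 32-bit half, so the
     * partial write leaves residue whatever the byte order. On a
     * little-endian machine the int case yields 0x100000000. */
    uint64_t stale = 0x100000001ULL;

    printf("int 0        -> off = 0x%llx\n",
           (unsigned long long)off_from_int_zero(stale));
    printf("(ber_len_t)0 -> off = 0x%llx\n",
           (unsigned long long)off_from_cast_zero(stale));
    return 0;
}
```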

