Bug 1104069
| Summary: | perl-LDAP sets wrong length for function _sendmesg | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jaroslav Aster <jaster> |
| Component: | perl-LDAP | Assignee: | Petr Pisar <ppisar> |
| Status: | CLOSED ERRATA | QA Contact: | Stefan Kremen <skremen> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.5 | CC: | jplesnik, mnavrati, ppisar, psabata, skremen |
| Target Milestone: | rc | Keywords: | Patch |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | perl-LDAP-0.40-2.el6 | Doc Type: | Bug Fix |
| Doc Text: | Previously, when using a Perl LDAP client with the Simple Authentication and Security Layer (SASL) mechanism, the LDAP server could receive corrupted LDAP queries. The Net::LDAP Perl module has been fixed to pass the actual query length to the syswrite() function instead of fixed 1,500 bytes. This can be redefined by other protocol layers like SASL authentication implementation. As a result, the Net::LDAP client no longer corrupts sent LDAP queries. | Story Points: | --- |
| Clone Of: | | | |
| : | 1104243 | Environment: | |
| Last Closed: | 2015-12-15 16:37:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Jaroslav Aster
2014-06-03 08:38:09 UTC
The patch does:
my $to_send = \( $mesg->pdu );
my $offset = 0;
while($offset < length($$to_send)) {
my $s = substr($$to_send, $offset, 15000);
- my $n = syswrite($socket, $s, length($s))
+ my $n = syswrite($socket, $s, 15000)
or return _error($ldap, $mesg, LDAP_LOCAL_ERROR,"$!");
$offset += $n;
}
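Review bot: The `+` line hard-codes 15000 as the syswrite length while `$s` comes from `substr($$to_send, $offset, 15000)` one line above, so for the last chunk, or for any PDU under 15000 bytes, the length passed is larger than the buffer it describes. The `-` line's `length($s)` always matches the chunk that was actually sliced; keep that form rather than the constant.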
(In reply to Petr Pisar from comment #1)
> The patch does: > > my $to_send = \( $mesg->pdu ); > my $offset = 0; > while($offset < length($$to_send)) { > my $s = substr($$to_send, $offset, 15000); > - my $n = syswrite($socket, $s, length($s)) > + my $n = syswrite($socket, $s, 15000) > or return _error($ldap, $mesg, LDAP_LOCAL_ERROR,"$!"); > $offset += $n; > }
It is not true in the case that the whole string or the last substring is shorter than 15000. In that case, length($s) returns the proper value and it prevents failure of WRITE in perl-Authen-SASL.
Comment on attachment 901670
LDAP-Fix_size_of_packet.patch
Patch is wrong.
Jitka is right. If the string for function syswrite is shorter than len (15000), it leads to ERROR in WRITE function in perl-Authen-SASL. I have a test for it and I can reproduce it on rhel6.
The previous patch was wrong. The right patch is here:
--- /usr/share/perl5/Net/LDAP.pm.orig 2014-06-03 08:52:01.194328356 -0400
+++ /usr/share/perl5/Net/LDAP.pm 2014-06-03 08:53:04.561148330 -0400
@@ -801,7 +801,8 @@ sub _sendmesg {
my $to_send = \( $mesg->pdu );
my $offset = 0;
while($offset < length($$to_send)) {
- my $n = syswrite($socket, substr($$to_send, $offset, 15000), 15000)
+ my $s = substr($$to_send, $offset, 15000);
+ my $n = syswrite($socket, $s, length($s))
or return _error($ldap, $mesg, LDAP_LOCAL_ERROR,"$!");
$offset += $n;
}
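Review bot: The new `my $n = syswrite($socket, $s, length($s))` line carries no comment explaining why the length must track the chunk, and the literal 15000 it replaces looks like a harmless simplification to a later reader. Add a one-line comment above `my $s = ...` stating that the length has to equal the actual chunk size, and a regression test that sends a PDU whose size is not a multiple of 15000 so the final short chunk is exercised.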
Created attachment 924408
Upstream fix
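Why the length argument matters once the socket is a tied handle, as an added Perl example that is not code from this bug report, perl-LDAP or Authen::SASL. `FramingLayer`, `send_pdu`, `frames_consistent` and the length-prefixed framing are hypothetical; only the loop body mirrors the `_sendmesg` code quoted above.

```perl
use strict;
use warnings;
use Symbol qw(gensym);

# Hypothetical stand-in for a tied security layer (not Authen::SASL's code): each WRITE
# emits a 4-byte big-endian length plus payload and trusts the caller's $len.
package FramingLayer;
sub TIEHANDLE { my ($class, $wire) = @_; return bless { wire => $wire }, $class }
sub WRITE {
    my ($self, $buf, $len, $offset) = @_;
    # A tied WRITE receives syswrite's LENGTH argument exactly as passed.
    ${ $self->{wire} } .= pack('N', $len) . substr($buf, $offset || 0, $len);
    return $len;
}

package main;
# The send loop from _sendmesg; $fixed_len selects which length is passed.
sub send_pdu {
    my ($pdu, $fixed_len) = @_;
    my $wire = '';
    my $sock = gensym();
    tie *$sock, 'FramingLayer', \$wire;
    my $offset = 0;
    while ($offset < length($pdu)) {
        my $s = substr($pdu, $offset, 15000);
        my $n = syswrite($sock, $s, $fixed_len ? 15000 : length($s))
            or die "write failed: $!";
        $offset += $n;
    }
    return $wire;
}

# Receiver-side check: each declared frame length must match the bytes present.
sub frames_consistent {
    my ($wire) = @_;
    while (length $wire) {
        return 0 if length($wire) < 4;
        my $declared = unpack('N', substr($wire, 0, 4, ''));
        return 0 if $declared > length($wire);
        substr($wire, 0, $declared, '');
    }
    return 1;
}

my $pdu = 'A' x 20000;    # constructed PDU: one 15000-byte chunk plus a 5000-byte tail
for my $fixed (1, 0) {
    printf "%-14s %s\n", $fixed ? 'length 15000:' : 'length($s):',
        frames_consistent(send_pdu($pdu, $fixed)) ? 'frames ok' : 'stream corrupted';
}
```

With the constant length the final frame declares 15000 bytes but carries 5000, so the check reports a corrupted stream; with `length($s)` every frame is consistent.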
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2646.html