Bug 1104243

Summary: perl-LDAP sets wrong length for function _sendmesg
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Aster <jaster>
Component: perl-LDAPAssignee: Petr Pisar <ppisar>
Status: CLOSED ERRATA QA Contact: Jaroslav Aster <jaster>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: jplesnik, ppisar
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: perl-LDAP-0.56-3.el7 Doc Type: Bug Fix
Doc Text:
Cause: Using Perl LDAP client with SASL authentication mechanism. Consequence: LDAP server can receive corrupted LDAP queries. Fix: Net::LDAP Perl module was fixed to pass actual query length instead of fixed 1500 bytes to the syswrite() function which can be redefined by other protocol layers, like SASL authentication implementation. Result: Net::LDAP client does not corrupt sent LDAP queries.
 Story Points: ---
Clone Of: 1104069 Environment:
Last Closed: 2015-03-05 07:13:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Upstream fix ported to 0.56 none

Description Jaroslav Aster 2014-06-03 15:27:55 UTC 
I am not able to reproduce this bug against ipa-server which I used for reproducing bug 1104069 in rhel6, using bad_sasl.pl program, there are a lot of changes in a lot of components between RHEL6 and RHEL7, but the code in perl-LDAP is the same.

+++ This bug was initially created as a clone of Bug #1104069 +++

Description of problem:

perl-LDAP sets wrong length for function _sendmesg and this may cause error in function WRITE in perl-Authen-SASL when length of message is shorter than length. This bug is related with bug described in this bug report https://bugzilla.redhat.com/show_bug.cgi?id=965739.

Version-Release number of selected component (if applicable):

perl-LDAP-0.40-1.el6


How reproducible:


Steps to Reproduce:

Steps how to reproduce this bug are described in bug report for bug 965739. It is needed to use specific version of some packages.

389-ds-base-1.2.11.15-X.el6 where X is less than 22 or use Z-stream version of this package for rhel6.4. I use 389-ds-base-1.2.11.15-22.el6_4.

perl-Authen-SASL-2.13-2.el6

Actual results:

Program bad_sasl.pl from bug report for bug 965739 fails.

Expected results:

No fails.

Additional info:

Patch is added as an attachment.
Comment 1 Jaroslav Aster 2014-06-03 15:33:05 UTC 
Version-Release number of selected component (if applicable):

perl-LDAP-0.56-2.el7
Comment 2 Petr Pisar 2014-06-13 07:22:39 UTC 
The fix is:

--- /usr/share/perl5/Net/LDAP.pm.orig   2014-06-03 08:52:01.194328356 -0400
+++ /usr/share/perl5/Net/LDAP.pm        2014-06-03 08:53:04.561148330 -0400
@@ -801,7 +801,8 @@ sub _sendmesg {
   my $to_send = \( $mesg->pdu );
   my $offset = 0;
   while($offset < length($$to_send)) {
-    my $n = syswrite($socket, substr($$to_send, $offset, 15000), 15000)
+    my $s = substr($$to_send, $offset, 15000);
+    my $n = syswrite($socket, $s, length($s))
       or return _error($ldap, $mesg, LDAP_LOCAL_ERROR,"$!");
     $offset += $n;
   }
Comment 4 Petr Pisar 2014-08-06 14:10:11 UTC 
Created attachment 924494 [details]
Upstream fix ported to 0.56
Comment 9 errata-xmlrpc 2015-03-05 07:13:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0333.html