Bug 192829
| Summary: | Bug in processing parenthesis when using AuthzLDAPMapMethod 'issuersubject' | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Jose Plans <jplans> | ||||||
| Component: | mod_authz_ldap | Assignee: | Joe Orton <jorton> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 4.0 | CC: | k.georgiou, tao | ||||||
| Target Milestone: | --- | Keywords: | Reopened | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | RHBA-2007-0232 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2007-05-01 17:13:09 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 176344, 198694 | ||||||||
| Attachments: |
|
||||||||
Created attachment 129867 [details]
Patch fixing the parsing issue.
Created attachment 131536 [details]
More complete patch. This one definitely solves the issue.
The component this request has been filed against is not planned for inclusion in the next update. The decision is based on weighting the priority and number of requests for a component as well as the impact on the Red Hat Enterprise Linux user-base: other components are considered having higher priority and the number of changes we intend to include in update cycles is limited. Product Management has reviewed and declined this request. You may appeal this decision by reopening this request. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0232.html fixed problem with bugzilla - CRM ticket closed by customer Internal Status set to 'Resolved' Status set to: Closed by Client Resolution set to: 'Security Errata' This event sent from IssueTracker by zakhtar issue 94280 |
Hi, this customer experiences problems with their client certificate when using mod_authz_ldap and using AuthzLDAPMapMethod. It seems the problem comes from processing the parenthesis, the parse is not correct and fails validating the veractity of the certificate, ending up within a neverending loop. This only seems to happen when using the option AuthzLDAPMapMethod 'issuersubject'. The versions affected are mod_authz_ldap-0.26-2 The original code presents : while ((*p) && ((q - new) < MAX_STRING_LEN)) if ((*p == '(') || (*p == ')')) { *q++ = '\\'; *q++ = *p++; } *q = '\0'; But does not seem to be correct, as the customer stated, *q++ = *p++ should be out of the condition to let the pointers go to the next chars. The solution should be : while ((*p) && ((q - new) < MAX_STRING_LEN)) { if ((*p == '(') || (*p == ')')) *q++ = '\\'; *q++ = *p++; } *q = '\0'; Please find attached the correspondant patch fixing this parsing problem. jose