Bug 204566

Summary: Adjustment for new LDAP C SDK (ber_get_next_buffer_ext)
Product: [Retired] 389 Reporter: Noriko Hosoi <nhosoi>
Component: Directory ServerAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0.2CC: nkinder, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 17:16:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 152373, 208654, 240316    
Attachments:
Description Flags
cvs diff ldapserver/ldap/servers/slapd/connection.c
none
cvs diff ldapserver/ldap/servers/slapd/connection.c
none
cvs commit message none

Description Noriko Hosoi 2006-08-30 01:05:52 UTC 
Description of problem:
LDAP C SDK function -- ber_get_next_buffer_ext's API has been changed since the
Sun code merge.  (See also https://bugzilla.mozilla.org/show_bug.cgi?id=347933)
We need to update the connection code to adjust.
ber_get_next_buffer_ext in mozilla/directory/c-sdk/ldap/libraries/liblber/io.c
Original:
/*
 * Returns the tag of the message or LBER_DEFAULT if an error occurs. There
 * are two cases where LBER_DEFAULT is returned:
 *
 * 1) There was not enough data in the buffer to complete the message; this
 *    is a "soft" error. In this case, *Bytes_Scanned is set to a positive
 *    number.
 *
 * 2) A "fatal" error occurs. In this case, *Bytes_Scanned is set to zero.
 *    To check for specific errors, the system error number (errno) must
 *    be consulted.  These errno values are explicitly set by this
 *    function; other errno values may be set by underlying OS functions:
 *
 *    EINVAL   - LBER_SOCKBUF_OPT_VALID_TAG option set but tag does not match.
 *    EMSGSIZE - length was not represented as <= sizeof(long) bytes or the
 *                  LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option was set and the
 *                  message is longer than the maximum. *len will be set in
 *                  the latter situation.
 */

New:
/*
 * Returns the tag of the message or LBER_ return code if an error occurs.
 *
 * If there was not enough data in the buffer to complete the message this
 * is a "soft" error. In this case, *Bytes_Scanned is set to a positive
 * number and return code is set to LBER_DEFAULT.
 *
 * On overflow condition when the length is either bigger than ber_uint_t
 * type or the value preset via LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option,
 * *Bytes_Scanned is set to zero and return code is set to LBER_OVERFLOW.
 *
 * For backward compatibility errno is also set on these error conditions:
 *
 * EINVAL   - LBER_SOCKBUF_OPT_VALID_TAG option set but tag doesnt match.
 * EMSGSIZE - an overflow condition as described above for LBER_OVERFLOW.
 */
Comment 1 Noriko Hosoi 2006-08-30 01:26:55 UTC 
Created attachment 135178 [details]
cvs diff ldapserver/ldap/servers/slapd/connection.c

File:
  ldapserver/ldap/servers/slapd/connection.c

Changes:
  1) When ber_get_next_buffer_ext fails, not just LBER_DEFAULT but 
  LBER_OVERFLOW can be set to the ber tag.  Thus, LBER_OVERFLOW is also
  checked in the error check now.
  2) The too large length error used be checked as "errno == EMSGSIZE",
  which is replaced with "tag == LBER_OVERFLOW"
  3) When the too large length error occurs, the following error was logged
  in the errors log, which was not appropriate since increasing 
  nsslapd-maxbersize did not solve the problem.
     connection - conn=7 fd=65 Incoming BER Element was too long, max 
     allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute 
     in cn=config to increase.
  Removed the error logging.
  4) When the error occurs, B2 (== SLAPD_DISCONNECT_BER_TOO_BIG) is added
  at the end of the closed error in the access log.  Error code EMSGSIZE
  and its description has been added:
     conn=7 op=-1 fd=65 closed error 90 (Message too long) - B2
Comment 2 Rich Megginson 2006-08-30 16:01:51 UTC 
In general, you should use ber_tag_t instead of int tag, and ber_len_t or
ber_slen_t for lengths, which I think should be Bytes_Scanned, Bytes_Read, and
ber_len.  Same with the arguments to get_next_from_buffer - use ber types.

Otherwise, looks good.
Comment 3 Nathan Kinder 2006-08-30 23:29:05 UTC 
The proposed fix looks good to me.  I agree with Rich's comments about using ber
types, but you don't have to deal with them in this bug.  I've already addressed
using the proper ber types in this code in my proposed fix for bug 204517.
Comment 4 Noriko Hosoi 2006-08-31 23:22:29 UTC 
Created attachment 135348 [details]
cvs diff ldapserver/ldap/servers/slapd/connection.c

Updated my local tree to merge with the Nathan's checkin for [204517].
No changes for this bug.
Comment 5 Noriko Hosoi 2006-08-31 23:28:15 UTC 
Created attachment 135349 [details]
cvs commit message

Thanks for the review, Rich and Nathan.
Checked in.
Comment 6 Noriko Hosoi 2007-11-30 00:25:26 UTC 
Verification steps:

1. Create bug624390a.ldif as described in TET/smrepl/smrepl.ksh bug624390a test
case,
2. Add the ldif: ldapmodify -D "cn=Directory Manager" -w ps -a -f ./bug624390a.ldif
3. Check the access log:
[..] conn=2 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[..] conn=2 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[..] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[..] conn=2 op=-1 fd=64 closed error 90 (Message too long) - B2

If yo usee "Message too long", the server is working as expected.

I.e., verified.