RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1104243 - perl-LDAP sets wrong length for function _sendmesg
Summary: perl-LDAP sets wrong length for function _sendmesg
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: perl-LDAP
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Petr Pisar
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-06-03 15:27 UTC by Jaroslav Aster
Modified: 2015-03-05 07:13 UTC (History)
2 users (show)

Fixed In Version: perl-LDAP-0.56-3.el7
Doc Type: Bug Fix
Doc Text:
Cause: Using Perl LDAP client with SASL authentication mechanism. Consequence: LDAP server can receive corrupted LDAP queries. Fix: Net::LDAP Perl module was fixed to pass actual query length instead of fixed 1500 bytes to the syswrite() function which can be redefined by other protocol layers, like SASL authentication implementation. Result: Net::LDAP client does not corrupt sent LDAP queries.
Clone Of: 1104069
Environment:
Last Closed: 2015-03-05 07:13:38 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Upstream fix ported to 0.56 (1.27 KB, patch)
2014-08-06 14:10 UTC, Petr Pisar 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
CPAN 96203 0 None None None Never
Red Hat Product Errata RHBA-2015:0333 0 normal SHIPPED_LIVE perl-LDAP bug fix update 2015-03-05 12:09:20 UTC

Description Jaroslav Aster 2014-06-03 15:27:55 UTC 
I am not able to reproduce this bug against ipa-server which I used for reproducing bug 1104069 in rhel6, using bad_sasl.pl program, there are a lot of changes in a lot of components between RHEL6 and RHEL7, but the code in perl-LDAP is the same.

+++ This bug was initially created as a clone of Bug #1104069 +++

Description of problem:

perl-LDAP sets wrong length for function _sendmesg and this may cause error in function WRITE in perl-Authen-SASL when length of message is shorter than length. This bug is related with bug described in this bug report https://bugzilla.redhat.com/show_bug.cgi?id=965739.

Version-Release number of selected component (if applicable):

perl-LDAP-0.40-1.el6


How reproducible:


Steps to Reproduce:

Steps how to reproduce this bug are described in bug report for bug 965739. It is needed to use specific version of some packages.

389-ds-base-1.2.11.15-X.el6 where X is less than 22 or use Z-stream version of this package for rhel6.4. I use 389-ds-base-1.2.11.15-22.el6_4.

perl-Authen-SASL-2.13-2.el6

Actual results:

Program bad_sasl.pl from bug report for bug 965739 fails.

Expected results:

No fails.

Additional info:

Patch is added as an attachment.
Comment 1 Jaroslav Aster 2014-06-03 15:33:05 UTC 
Version-Release number of selected component (if applicable):

perl-LDAP-0.56-2.el7
Comment 2 Petr Pisar 2014-06-13 07:22:39 UTC 
The fix is:

--- /usr/share/perl5/Net/LDAP.pm.orig   2014-06-03 08:52:01.194328356 -0400
+++ /usr/share/perl5/Net/LDAP.pm        2014-06-03 08:53:04.561148330 -0400
@@ -801,7 +801,8 @@ sub _sendmesg {
   my $to_send = \( $mesg->pdu );
   my $offset = 0;
   while($offset < length($$to_send)) {
-    my $n = syswrite($socket, substr($$to_send, $offset, 15000), 15000)
+    my $s = substr($$to_send, $offset, 15000);
+    my $n = syswrite($socket, $s, length($s))
       or return _error($ldap, $mesg, LDAP_LOCAL_ERROR,"$!");
     $offset += $n;
   }
Comment 4 Petr Pisar 2014-08-06 14:10:11 UTC 
Created attachment 924494 [details]
Upstream fix ported to 0.56
Comment 9 errata-xmlrpc 2015-03-05 07:13:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0333.html
Note You need to log in before you can comment on or make changes to this bug.