Bug 164402 - ./ns-slapd crashes on bind containing invalid dn and password.
Status: CLOSED NEXTRELEASE
Product: 389
Classification: Community
Component: Directory Server
Version: 7.1
Hardware: i386 Linux
Priority: medium
Severity: high
Assigned To: Rich Megginson
QA Contact: Orla Hegarty
Reported: 2005-07-27 13:26 EDT by James Lawyer
Modified: 2007-04-18 13:29 EDT
Doc Type: Bug Fix
Last Closed: 2005-11-01 20:54:17 EST

Attachments
tcpdump of ldap session that crashed the server (335.51 KB, application/octet-stream)
2005-08-26 23:20 EDT, James Lawyer
tcpdump of ldap session that crashed the server (335.51 KB, application/octet-stream)
2005-08-26 23:20 EDT, James Lawyer

Description James Lawyer 2005-07-27 13:26:42 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50110; .NET CLR 1.1.4322; .NET CLR 2.0.50215)

Description of problem:
slapd crashes when an LDAP bind is received containing bind information in EBCDIC character set. Perl Net::LDAP running on IBM Z/OS mainframe constructs its bind in EBCDIC since the mainframe is an EBCDIC machine. However, slapd crashes rather than catching the problem and issuing an error message indicating that an INVALID BIND REQUEST was received.

slapd does not issue any error messages. It just goes away. Denial of service bug!

Version-Release number of selected component (if applicable):
fedora-ds-7.1-2.RHEL4

How reproducible:
Always

Steps to Reproduce:
1. Start SLAPD 
2. Run the perl module calling Net::LDAP

Actual Results:  SLAPD crashes.

Expected Results:  Issue an error message indicating that an INVALID BIND REQUEST was received and do not crash.


Additional info:

I have a tcpdump of the problem. This
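
Added example, not part of the original report and not 389 Directory Server code or its fix (the report does not identify where ns-slapd failed): one way a server can answer a bind name in the wrong character set with an error result instead of trusting the bytes. The names `check_bind_dn` and `is_valid_utf8` are hypothetical and the sample DN bytes are constructed; RFC 4511 defines the bind name as a UTF-8 LDAPDN and result code 34 as invalidDNSyntax.

```c
#include <stddef.h>
#include <stdio.h>
/* Result codes defined by RFC 4511. */
enum { LDAP_SUCCESS = 0, LDAP_INVALID_DN_SYNTAX = 34 };

/* Constructed sample input: the string "cn=admin" in ASCII and in EBCDIC (code page 037). */
static const unsigned char DN_ASCII[]  = { 'c', 'n', '=', 'a', 'd', 'm', 'i', 'n' };
static const unsigned char DN_EBCDIC[] = { 0x83, 0x95, 0x7E, 0x81, 0x84, 0x94, 0x89, 0x95 };

/* Return 1 if s[0..len) is well-formed UTF-8 (no stray, truncated or overlong sequences). */
static int is_valid_utf8(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = s[i];
        unsigned long cp, min;
        size_t n;                                    /* continuation bytes expected */
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { n = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                               /* e.g. EBCDIC letters 0x81..0xA9 */
        if (len - i <= n) return 0;                  /* sequence runs past the buffer */
        for (size_t k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += n + 1;
    }
    return 1;
}

/* Result code for a BindRequest name; dn/len is length-delimited, never assumed NUL-terminated. */
int check_bind_dn(const unsigned char *dn, size_t len)
{
    if (len == 0) return LDAP_SUCCESS;               /* empty name: anonymous bind */
    if (dn == NULL) return LDAP_INVALID_DN_SYNTAX;
    for (size_t i = 0; i < len; i++)
        if (dn[i] == 0) return LDAP_INVALID_DN_SYNTAX; /* raw NUL would truncate C strings */
    return is_valid_utf8(dn, len) ? LDAP_SUCCESS : LDAP_INVALID_DN_SYNTAX;
}

int main(void)
{
    printf("ASCII  DN -> %d\n", check_bind_dn(DN_ASCII, sizeof DN_ASCII));
    printf("EBCDIC DN -> %d\n", check_bind_dn(DN_EBCDIC, sizeof DN_EBCDIC));
    return 0;
}
```

Lowercase letters in EBCDIC fall in 0x81..0xA9, which UTF-8 reserves for continuation bytes, so the constructed EBCDIC name is rejected at its first byte. The simple-bind password is an opaque OCTET STRING in RFC 4511, so no character-set check applies to it.
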
Comment 2 Rich Megginson 2005-08-26 18:32:33 EDT
Is there any additional information?  I don't happen to have an IBM Z/OS machine
handy, so I was going to try to reproduce this by sending some random string of
garbage data with a bind request.
Comment 3 James Lawyer 2005-08-26 23:20:27 EDT
Created attachment 118180
tcpdump of ldap session that crashed the server

Attached is a tcpdump of the data transfer that crashed the server.
Comment 4 James Lawyer 2005-08-26 23:20:51 EDT
Created attachment 118181
tcpdump of ldap session that crashed the server

Attached is a tcpdump of the data transfer that crashed the server.
Comment 5 Orla Hegarty 2005-11-01 20:54:17 EST
Fixed in next release. Verified. 
