204566 – Adjustment for new LDAP C SDK (ber_get_next_buffer_ext)

Bug 204566 - Adjustment for new LDAP C SDK (ber_get_next_buffer_ext)

Summary: Adjustment for new LDAP C SDK (ber_get_next_buffer_ext)

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Directory Server
Sub Component:
Version:	1.0.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Noriko Hosoi
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	152373 fds103trackingbug 240316
TreeView+	depends on / blocked

Reported:	2006-08-30 01:05 UTC by Noriko Hosoi
Modified:	2015-12-07 17:16 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-12-07 17:16:03 UTC
Embargoed:

Attachments	(Terms of Use)
cvs diff ldapserver/ldap/servers/slapd/connection.c (4.48 KB, patch) 2006-08-30 01:26 UTC, Noriko Hosoi	no flags	Details \| Diff
cvs diff ldapserver/ldap/servers/slapd/connection.c (4.48 KB, patch) 2006-08-31 23:22 UTC, Noriko Hosoi	no flags	Details \| Diff
cvs commit message (702 bytes, text/plain) 2006-08-31 23:28 UTC, Noriko Hosoi	no flags	Details
View All

Description Noriko Hosoi 2006-08-30 01:05:52 UTC

Description of problem:
LDAP C SDK function -- ber_get_next_buffer_ext's API has been changed since the
Sun code merge.  (See also https://bugzilla.mozilla.org/show_bug.cgi?id=347933)
We need to update the connection code to adjust.
ber_get_next_buffer_ext in mozilla/directory/c-sdk/ldap/libraries/liblber/io.c
Original:
/*
 * Returns the tag of the message or LBER_DEFAULT if an error occurs. There
 * are two cases where LBER_DEFAULT is returned:
 *
 * 1) There was not enough data in the buffer to complete the message; this
 *    is a "soft" error. In this case, *Bytes_Scanned is set to a positive
 *    number.
 *
 * 2) A "fatal" error occurs. In this case, *Bytes_Scanned is set to zero.
 *    To check for specific errors, the system error number (errno) must
 *    be consulted.  These errno values are explicitly set by this
 *    function; other errno values may be set by underlying OS functions:
 *
 *    EINVAL   - LBER_SOCKBUF_OPT_VALID_TAG option set but tag does not match.
 *    EMSGSIZE - length was not represented as <= sizeof(long) bytes or the
 *                  LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option was set and the
 *                  message is longer than the maximum. *len will be set in
 *                  the latter situation.
 */

New:
/*
 * Returns the tag of the message or LBER_ return code if an error occurs.
 *
 * If there was not enough data in the buffer to complete the message this
 * is a "soft" error. In this case, *Bytes_Scanned is set to a positive
 * number and return code is set to LBER_DEFAULT.
 *
 * On overflow condition when the length is either bigger than ber_uint_t
 * type or the value preset via LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option,
 * *Bytes_Scanned is set to zero and return code is set to LBER_OVERFLOW.
 *
 * For backward compatibility errno is also set on these error conditions:
 *
 * EINVAL   - LBER_SOCKBUF_OPT_VALID_TAG option set but tag doesnt match.
 * EMSGSIZE - an overflow condition as described above for LBER_OVERFLOW.
 */

Comment 1 Noriko Hosoi 2006-08-30 01:26:55 UTC

Created attachment 135178 [details]
cvs diff ldapserver/ldap/servers/slapd/connection.c

File:
  ldapserver/ldap/servers/slapd/connection.c

Changes:
  1) When ber_get_next_buffer_ext fails, not just LBER_DEFAULT but 
  LBER_OVERFLOW can be set to the ber tag.  Thus, LBER_OVERFLOW is also
  checked in the error check now.
  2) The too large length error used be checked as "errno == EMSGSIZE",
  which is replaced with "tag == LBER_OVERFLOW"
  3) When the too large length error occurs, the following error was logged
  in the errors log, which was not appropriate since increasing 
  nsslapd-maxbersize did not solve the problem.
     connection - conn=7 fd=65 Incoming BER Element was too long, max 
     allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute 
     in cn=config to increase.
  Removed the error logging.
  4) When the error occurs, B2 (== SLAPD_DISCONNECT_BER_TOO_BIG) is added
  at the end of the closed error in the access log.  Error code EMSGSIZE
  and its description has been added:
     conn=7 op=-1 fd=65 closed error 90 (Message too long) - B2

Comment 2 Rich Megginson 2006-08-30 16:01:51 UTC

In general, you should use ber_tag_t instead of int tag, and ber_len_t or
ber_slen_t for lengths, which I think should be Bytes_Scanned, Bytes_Read, and
ber_len.  Same with the arguments to get_next_from_buffer - use ber types.

Otherwise, looks good.

Comment 3 Nathan Kinder 2006-08-30 23:29:05 UTC

The proposed fix looks good to me.  I agree with Rich's comments about using ber
types, but you don't have to deal with them in this bug.  I've already addressed
using the proper ber types in this code in my proposed fix for bug 204517.

Comment 4 Noriko Hosoi 2006-08-31 23:22:29 UTC

Created attachment 135348 [details]
cvs diff ldapserver/ldap/servers/slapd/connection.c

Updated my local tree to merge with the Nathan's checkin for [204517].
No changes for this bug.

Comment 5 Noriko Hosoi 2006-08-31 23:28:15 UTC

Created attachment 135349 [details]
cvs commit message

Thanks for the review, Rich and Nathan.
Checked in.

Comment 6 Noriko Hosoi 2007-11-30 00:25:26 UTC

Verification steps:

1. Create bug624390a.ldif as described in TET/smrepl/smrepl.ksh bug624390a test
case,
2. Add the ldif: ldapmodify -D "cn=Directory Manager" -w ps -a -f ./bug624390a.ldif
3. Check the access log:
[..] conn=2 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[..] conn=2 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[..] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[..] conn=2 op=-1 fd=64 closed error 90 (Message too long) - B2

If yo usee "Message too long", the server is working as expected.

I.e., verified.

Note You need to log in before you can comment on or make changes to this bug.