Created attachment 338069 [details] patch valgrind reports an invalid read in security.c when parsing the CRL file.
Created attachment 338073 [details] cvs commit log Reviewed by: nkinder (Thanks!) Fix Description: security.c uses strstr to search for the begin and end crl header and footer. This assumes the buffer is null terminated, but it is not. The fix is to null terminate the buffer. Platforms tested: RHEL5 Flag Day: no Doc impact: no
fedora-ds-admin-1.1.7-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/fedora-ds-admin-1.1.7-2.fc9
fedora-ds-admin-1.1.7-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/fedora-ds-admin-1.1.7-2.fc10
attaching valgrind output from RHEL 5 DS 8.1 - importing CRL Do not find any security.c messages in output. Please review attached report for validation. Thanks.
Created attachment 338329 [details] valgrind output
It's actually not a problem with slapd, it's a problem with the security CGI program in /usr/lib[64]/dirsrv/cgi-bin/security
okay. Can you please add steps to verify? Thanks
Created attachment 338366 [details] security shell script cd /usr/lib/dirsrv/cgi-bin or /usr/lib64/dirsrv/cgi-bin mv security security.orig Then copy the attached shell script to security chmod +x security add the crl in the console The valgrind and other files will be in /tmp/security
Created attachment 338376 [details] When loading the CRL with the security shell script attached in place, loading the CRL almost halts the system and the console eventually times out with an http error. It did produce a number of log
Please let me know if this is enough or I need to try something else. Thanks
I checked all of the valgrind files - all of them report No Errors. Verified.
Thank you Rich! verified RHEL 4 DS 8.1
fedora-ds-admin-1.1.7-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
fedora-ds-admin-1.1.7-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html