[ https://issues.apache.org/jira/browse/GUACAMOLE-234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Jumper reopened GUACAMOLE-234:
--------------------------------------

Coverity reports the following:

{code:none}
*** CID 1452278:  Resource leaks  (RESOURCE_LEAK)
/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java: 226 in org.apache.guacamole.auth.ldap.ObjectQueryService.search(org.apache.directory.ldap.client.api.LdapNetworkConnection, org.apache.directory.api.ldap.model.name.Dn, org.apache.directory.api.ldap.model.filter.ExprNode, int)()
220                         }
221                         
222                     }
223                     
224                 }
225     
>>>     CID 1452278:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "results" going out of scope leaks the resource it refers to.
226                 return entries;
227     
228             }
229             catch (CursorException | LdapException e) {
230                 throw new GuacamoleServerException("Unable to query list of "
231                         + "objects from LDAP directory.", e);
{code}

{code:none}
*** CID 1452280:  Exceptional resource leaks  (RESOURCE_LEAK)
/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java: 140 in org.apache.guacamole.auth.ldap.LDAPConnectionService.bindAs(org.apache.directory.api.ldap.model.name.Dn, java.lang.String)()
134             try {
135     
136                 // Connect to LDAP server
137                 ldapConnection.connect();
138     
139                 // Explicitly start TLS if requested
>>>     CID 1452280:  Exceptional resource leaks  (RESOURCE_LEAK)
>>>     Variable "ldapConnection" going out of scope leaks the resource it refers to.
140                 if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)
141                     ldapConnection.startTls();
142     
143             }
144             catch (LdapException e) {
145                 throw new GuacamoleServerException("Error connecting to LDAP server.", e);
{code}

There's also this, but I believe it's a false positive, seeing as it's a 
debug-level log message:

{code:none}
*** CID 1452279:  Low impact security  (SENSITIVE_DATA_LEAK)
/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java: 189 in org.apache.guacamole.auth.ldap.ObjectQueryService.search(org.apache.directory.ldap.client.api.LdapNetworkConnection, org.apache.directory.api.ldap.model.name.Dn, org.apache.directory.api.ldap.model.filter.ExprNode, int)()
183          *     information required to execute the query cannot be read from
184          *     guacamole.properties.
185          */
186         public List<Entry> search(LdapNetworkConnection ldapConnection,
187                 Dn baseDN, ExprNode query, int searchHop) throws GuacamoleException {
188     
>>>     CID 1452279:  Low impact security  (SENSITIVE_DATA_LEAK)
>>>     Leaking persistent secret data, "baseDN". Passing it to "org.slf4j.Logger.debug(java.lang.String, java.lang.Object, java.lang.Object)" stores it to a log file or displays it on the console.
189             logger.debug("Searching \"{}\" for objects matching \"{}\".", baseDN, query);
190     
191             try {
192     
193                 LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
194                 
{code}

> Migrate from JLDAP to Apache Directory LDAP API
> -----------------------------------------------
>
>                 Key: GUACAMOLE-234
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-234
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>            Reporter: Michael Jumper
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 1.1.0
>
>
> The LDAP support currently uses [JLDAP|http://www.openldap.org/jldap/], but 
> that library has been unmaintained for several years now (no changes 
> whatsoever since 2009). Migrating away from such a library might be a good 
> idea. The Apache Directory project has produced an LDAP client API which 
> could serve as a replacement:
> http://directory.apache.org/api/
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
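The two RESOURCE_LEAK findings above share one root cause: an Apache Directory LDAP API object (the search cursor in the first, the LdapNetworkConnection in the second) is created inside a method and no path closes it when a later call throws. The following is an added illustration, not Guacamole's code and not a proposed patch: it shows the general shape of the fix with try-with-resources on the cursor and an explicit close-on-failure for the connection. The host name, bind DN, password and filter are placeholders; the class name LdapResourceHandling and the helper closeQuietly are this example's own inventions.

```java
// Added example (not Guacamole's own code): closing Apache Directory LDAP API
// resources on every path, covering the two RESOURCE_LEAK patterns reported
// above. Host, port, DNs and password below are placeholders.
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class LdapResourceHandling {

    /**
     * Opens a connection, optionally upgrades it with STARTTLS, and binds.
     * If connect(), startTls() or bind() throws, the connection is closed
     * before the exception propagates, so the socket cannot escape this
     * method the way Coverity flagged for "ldapConnection" above.
     */
    public static LdapNetworkConnection connectAndBind(LdapConnectionConfig config,
            boolean useStartTls, Dn bindDn, String password) throws LdapException {

        LdapNetworkConnection connection = new LdapNetworkConnection(config);
        try {
            connection.connect();
            if (useStartTls)
                connection.startTls();
            connection.bind(bindDn, password);
            return connection; // the caller now owns (and must close) it
        }
        catch (LdapException | RuntimeException e) {
            closeQuietly(connection);
            throw e;
        }
    }

    /**
     * Runs a subtree search and drains the cursor into a list. EntryCursor is
     * AutoCloseable, so try-with-resources closes it even when next() or
     * get() throws, which is the "results" leak reported above.
     */
    public static List<Entry> search(LdapNetworkConnection connection, Dn baseDn,
            String filter, String... attributes) throws LdapException {

        List<Entry> entries = new ArrayList<>();
        try (EntryCursor results =
                connection.search(baseDn, filter, SearchScope.SUBTREE, attributes)) {
            while (results.next())
                entries.add(results.get());
        }
        catch (CursorException | IOException e) {
            throw new LdapException("Unable to read search results.", e);
        }
        return entries;
    }

    /** Closes a connection that is being discarded; close() failures are not actionable here. */
    public static void closeQuietly(LdapNetworkConnection connection) {
        try {
            connection.close();
        }
        catch (IOException e) {
            // The connection is already being thrown away; nothing more to do.
        }
    }

    public static void main(String[] args) throws Exception {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("ldap.example.invalid"); // placeholder host
        config.setLdapPort(389);

        LdapNetworkConnection connection = connectAndBind(config, true,
                new Dn("cn=reader,dc=example,dc=invalid"), "placeholder-password");
        try {
            for (Entry entry : search(connection, new Dn("dc=example,dc=invalid"),
                    "(objectClass=person)", "cn"))
                System.out.println(entry.getDn());
        }
        finally {
            closeQuietly(connection); // close on the success path too
        }
    }
}
```

The connection is deliberately returned rather than closed inside connectAndBind, because a bind helper hands the live session to its caller; the point is only that every exception path between construction and the return statement closes it first. The cursor, by contrast, is fully consumed inside search, so try-with-resources is the natural fit.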