[ https://issues.apache.org/jira/browse/GUACAMOLE-234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Jumper reopened GUACAMOLE-234:
--------------------------------------

Coverity reports the following:

{code:none}
*** CID 1452278:  Resource leaks  (RESOURCE_LEAK)
/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java: 226 in org.apache.guacamole.auth.ldap.ObjectQueryService.search(org.apache.directory.ldap.client.api.LdapNetworkConnection, org.apache.directory.api.ldap.model.name.Dn, org.apache.directory.api.ldap.model.filter.ExprNode, int)()
220                     }
221
222                 }
223
224             }
225
>>>     CID 1452278:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "results" going out of scope leaks the resource it refers to.
226             return entries;
227
228         }
229         catch (CursorException | LdapException e) {
230             throw new GuacamoleServerException("Unable to query list of "
231                     + "objects from LDAP directory.", e);
{code}

{code:none}
*** CID 1452280:  Exceptional resource leaks  (RESOURCE_LEAK)
/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java: 140 in org.apache.guacamole.auth.ldap.LDAPConnectionService.bindAs(org.apache.directory.api.ldap.model.name.Dn, java.lang.String)()
134         try {
135
136             // Connect to LDAP server
137             ldapConnection.connect();
138
139             // Explicitly start TLS if requested
>>>     CID 1452280:  Exceptional resource leaks  (RESOURCE_LEAK)
>>>     Variable "ldapConnection" going out of scope leaks the resource it
>>>     refers to.
140             if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)
141                 ldapConnection.startTls();
142
143         }
144         catch (LdapException e) {
145             throw new GuacamoleServerException("Error connecting to LDAP server.", e);
{code}

There's also this, but I believe it's a false positive, seeing as it's a debug-level log message:

{code:none}
*** CID 1452279:  Low impact security  (SENSITIVE_DATA_LEAK)
/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java: 189 in org.apache.guacamole.auth.ldap.ObjectQueryService.search(org.apache.directory.ldap.client.api.LdapNetworkConnection, org.apache.directory.api.ldap.model.name.Dn, org.apache.directory.api.ldap.model.filter.ExprNode, int)()
183          *     information required to execute the query cannot be read from
184          *     guacamole.properties.
185          */
186         public List<Entry> search(LdapNetworkConnection ldapConnection,
187                 Dn baseDN, ExprNode query, int searchHop) throws GuacamoleException {
188
>>>     CID 1452279:  Low impact security  (SENSITIVE_DATA_LEAK)
>>>     Leaking persistent secret data, "baseDN". Passing it to
>>>     "org.slf4j.Logger.debug(java.lang.String, java.lang.Object,
>>>     java.lang.Object)" stores it to a log file or displays it on the console.
189             logger.debug("Searching \"{}\" for objects matching \"{}\".", baseDN, query);
190
191             try {
192
193                 LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
194
{code}

> Migrate from JLDAP to Apache Directory LDAP API
> -----------------------------------------------
>
>                 Key: GUACAMOLE-234
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-234
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>            Reporter: Michael Jumper
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 1.1.0
>
>
> The LDAP support currently uses [JLDAP|http://www.openldap.org/jldap/], but
> that library has been unmaintained for several years now (no changes
> whatsoever since 2009). Migrating away from such a library might be a good
> idea. The Apache Directory project has produced an LDAP client API which
> could serve as a replacement:
> http://directory.apache.org/api/

--
This message was sent by Atlassian JIRA
(v7.6.14#76016)