https://bugs.openldap.org/show_bug.cgi?id=9607
Issue ID: 9607
Summary: ldapsearch nettimeout option is not respected
Product: OpenLDAP
Version: 2.5.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: client tools
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Description of problem:
ldapsearch doesn't respect nettimeout option and hangs forever if the server is
not accessible (for example when packets are dropped by iptables).
Version-Release number of selected component (if applicable):
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.5.5 (Jul 9 2021 07:02:36) $
Checking with openssl-1.1.1k
Additionally:
The issue is also present in older versions.
Also, the issue still exists with openssl-3.0.0-0.alpha16
How reproducible:
always
Steps to Reproduce:
1. iptables -A INPUT -p tcp --sport 636 -m tcp --tcp-flags PSH PSH -j DROP
2. ldapsearch -o nettimeout=3 -H ldaps://192.168.0.1 -b dc=example,dc=com -x -s base
Actual results:
ldapsearch hangs
Expected results:
ldapsearch should return error:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Additional info:
ldap_url_parse_ext(ldaps://192.168.0.1)
ldap_create
ldap_url_parse_ext(ldaps://192.168.0.1:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.0.1:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.1:636
ldap_pvt_connect: fd: 3 tm: 3 async: 0
ldap_ndelay_on: 3
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 3 tm: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_pvt_connect: 0
TLS trace: SSL_connect:before SSL initialization
tls_write: want=285, written=285
0000: 16 03 01 01 18 01 00 01 14 03 03 d9 3e 1d 7f d5 ............>...
0010: d9 4d 52 b5 3f 49 33 f5 b2 4b 2c 1a 24 0b 3f d6 .MR.?I3..K,.$.?.
...
...
0100: e1 be fe 47 48 5c 93 91 6b eb fd 36 94 fd 64 7b ...GH\..k..6..d{
0110: 84 80 7a 25 c5 c5 a4 9b d2 53 28 62 25 ..z%.....S(b%
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
...
Repeats the following lines eternally:
TLS trace: SSL_connect:SSLv3/TLS write client hello
tls_read: want=5 error=Resource temporarily unavailable
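
In the trace above, the 3-second value reaches the TCP connect (ldap_pvt_connect and ldap_int_poll both show tm: 3), and the endless loop starts afterwards, in the TLS handshake reads. The following is an added example, not OpenLDAP code and not part of the report: a Python client that carries one deadline across both the connect and the non-blocking handshake. The names silent_listener and handshake_with_deadline are hypothetical, and the listener is a constructed local stand-in for a server whose replies never arrive.

```python
import select, socket, ssl, threading, time

def silent_listener():
    """Constructed stand-in for the filtered server: accepts TCP, never answers."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    held = []  # keep the accepted socket open so the client sees no EOF or RST
    threading.Thread(target=lambda: held.append(srv.accept()[0]), daemon=True).start()
    return srv, held

def handshake_with_deadline(host, port, timeout):
    """Connect and complete the TLS handshake under one overall deadline."""
    deadline = time.monotonic() + timeout
    raw = socket.create_connection((host, port), timeout=timeout)
    raw.setblocking(False)  # handshake now reports "want read/write" instead of blocking
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(raw, server_hostname=host, do_handshake_on_connect=False)
    try:
        while True:
            try:
                tls.do_handshake()
                return "connected"
            except ssl.SSLWantReadError:
                want = ([tls], [], [])
            except ssl.SSLWantWriteError:
                want = ([], [tls], [])
            # Retrying immediately on "want read" is the loop seen in the trace;
            # wait for the socket instead, and only for the time that is left.
            remaining = deadline - time.monotonic()
            if remaining <= 0 or not any(select.select(*want, remaining)):
                return "timeout"
    finally:
        tls.close()

if __name__ == "__main__":
    srv, _held = silent_listener()
    print(handshake_with_deadline("127.0.0.1", srv.getsockname()[1], 3.0))
```
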