https://bugs.openldap.org/show_bug.cgi?id=10423

          Issue ID: 10423
           Summary: It is possible via cn=config to add an entry of one
                    database type with the object class of another,
                    causing OpenLDAP to crash
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

This happens specifically because the user by mistake attempts to create a meta
database by specifying the object class for back-ldap. Since these share a lot
of common attributes, schema checks do not fail. As a result, slapd initializes
a meta database (based on olcDatabase value), but attempts to manipulate an
initialized back-ldap database after that, and segfaults.
Like this:
dn: olcDatabase=meta,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: meta
olcDbURI: "ldap://example.com"


While it seems this is only possible for the proxy databases, we cannot rely
on schema checks on attributes failing for other database combinations; who
knows what common attributes can be added or supplied in the future, so we have
to fix this.
The issue is reproducible via slapadd and at runtime with ldapadd.

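A pre-load check for the mismatch described in this report, as an added example that is not part of the original report or of OpenLDAP's code: it flags cn=config database entries whose olcDatabase value and backend-specific objectClass disagree, before the LDIF reaches slapadd or ldapadd. The backend-to-objectClass map is a partial assumption (only olcLDAPConfig appears in the report), and the function names are hypothetical.

```python
import re

# Assumed, partial map: backend name -> its database-specific objectClass.
BACKEND_CLASS = {"ldap": "olcldapconfig", "meta": "olcmetaconfig",
                 "mdb": "olcmdbconfig", "ldif": "olcldifconfig",
                 "monitor": "olcmonitorconfig", "relay": "olcrelayconfig"}

def parse_ldif(text):
    """Yield entries as {attr_lower: [values]}; base64 values are not decoded."""
    # Unfold continuation lines first, then split entries on blank lines.
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", text)):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def check_entry(entry):
    """Findings for one database entry; an ordering prefix like {1} is ignored."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "olcdatabaseconfig" not in classes or not entry.get("olcdatabase"):
        return []
    backend = re.sub(r"^\{-?\d+\}", "", entry["olcdatabase"][0]).lower()
    # An objectClass that belongs to a different backend than olcDatabase names.
    findings = [f"olcDatabase={backend} carries {cls} (back-{other})"
                for other, cls in BACKEND_CLASS.items()
                if cls in classes and other != backend]
    expected = BACKEND_CLASS.get(backend)
    if expected and expected not in classes:
        findings.append(f"olcDatabase={backend} lacks {expected}")
    return findings

def lint(text):
    return {e.get("dn", ["?"])[0]: f
            for e in parse_ldif(text) if (f := check_entry(e))}

# Constructed sample: the entry from the report plus a consistent one.
SAMPLE = """\
dn: olcDatabase=meta,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: meta
olcDbURI: "ldap://example.com"

dn: olcDatabase={2}meta,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMetaConfig
olcDatabase: {2}meta
"""
```

Calling `lint(SAMPLE)` reports only the first entry; backends missing from the map are not checked for a required class.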