On 06/11/2012 02:10 PM, [email protected] wrote:
> Full_Name: Alex Rusinov
> Version: slapd 2.3.43 (Feb 22 2012 15:59:04)
> OS: CentOS release 5.6 (Final), Linux isg 2.6.18-194.32.1.el5 #1 SMP Wed Jan
> 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2a02:578:1:101:daa:ef09:905b:5510)
>
>
> I'm experiencing ldap crashes when query contains \00 symbols, example (dc was
> hidden):
> # ldapsearch -LLL -x -s sub -b "dc=aaanet,dc=net"
> "(&(objectClass=account)(uid=aaa\00bbb))"
> ldap_result: Can't contact LDAP server (-1)<- here it crashed
> --
> I'm using ldap with mysql-backend, versions:
> http://pastebin.com/AMBZKvjH installed
> =======
> logs:
> http://pastebin.com/Jmz61mQb
>
> Right before the crash the following string appears in logs:
> slapd: ../../../../servers/slapd/back-sql/util.c:144: backsql_strfcat_x:
> Assertion `dest->bb_val.bv_val == ((void *)0) || dest->bb_val.bv_len ==
> strlen(
> dest->bb_val.bv_val )' failed.

At first glance, the test "dest->bb_val.bv_len == strlen( dest->bb_val.bv_val )" looks malformed, as it expects bervals to be valid C strings, so it looks like a bug.

Disclaimer: please don't take this message as a commitment to fixing the bug, as I don't know when I'll have time to look at it in detail.

p.

-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano
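
An added illustration of the point made in the reply above, not code from OpenLDAP or from either poster: a length-counted value that legitimately holds a NUL byte fails a `len == strlen(val)` check, while a length-aware append keeps every byte. `struct lenval`, `lenval_append`, `holds_cstring_invariant` and `demo` are hypothetical names, and the sample bytes are constructed from the filter value in the report with `\00` decoded to one NUL byte.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-counted value, modelled on the
 * bv_len/bv_val pair named in the assertion message. */
struct lenval {
    size_t len;  /* number of payload bytes */
    char  *val;  /* payload; may contain NUL bytes */
};

/* The condition the failed assertion tests: true only when the value
 * has no embedded NUL, i.e. when it is also a valid C string. */
static int holds_cstring_invariant(const struct lenval *v)
{
    return v->val == NULL || v->len == strlen(v->val);
}

/* Length-aware append: copies exactly n bytes and never calls strlen
 * on the data. Returns 0 on success, -1 on overflow or allocation failure. */
static int lenval_append(struct lenval *dest, const char *src, size_t n)
{
    if (n >= SIZE_MAX - dest->len)
        return -1;
    char *p = realloc(dest->val, dest->len + n + 1);
    if (p == NULL)
        return -1;
    memcpy(p + dest->len, src, n);
    dest->len += n;
    p[dest->len] = '\0';   /* terminator for convenience only */
    dest->val = p;
    return 0;
}

/* Constructed sample: "aaa\00bbb" after filter-escape decoding (7 bytes). */
static const char sample[] = { 'a', 'a', 'a', '\0', 'b', 'b', 'b' };

/* Returns 1 when all bytes survive although the strlen check stops holding. */
static int demo(void)
{
    struct lenval v = { 0, NULL };
    int ok = lenval_append(&v, "uid=", 4) == 0;
    int before = ok && holds_cstring_invariant(&v);  /* plain text: holds */
    ok = ok && lenval_append(&v, sample, sizeof sample) == 0;
    int after = ok && holds_cstring_invariant(&v);   /* strlen stops at NUL */
    int intact = ok && v.len == 11 && memcmp(v.val, "uid=aaa\0bbb", 11) == 0;
    free(v.val);
    return before && !after && intact;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```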
