--On Tuesday, February 03, 2015 12:08:36 AM +0000 Howard Chu <[email protected]> wrote:
> [email protected] wrote:
>> Full_Name: Bill MacAllister
>> Version: 2.4.40
>> OS: Debian Wheezy
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (171.64.19.165)
>>
>> I have a perl script that uses Net::LDAPapi to report data from our
>> OpenLDAP servers. I have used the script on and off for years.
>> This morning I created a new report this morning that is causing
>> slapd on the servers to core dump. When I do the same query using
>> ldapsearch the query returns normally.
>
> What is the query? The filter code where this occurs hasn't changed
> in 4 years.
>
> Provide the slapd -d7 output for the query via your script, as well
> as via ldapsearch.

The system exhibiting this problem was running a beta release of 2.4.40. When I installed from a build of the current stable the problem disappeared. Apologies for the bother, I didn't realize the system had not been updated.

I think that documenting the query would be useful anyway, but I want to hold off on that because I know the problem exists in the build that is in Debian backports. I would like to give Ryan a chance to fix it before I publish it.

I was able to reproduce the problem with ldapsearch and it is a trivial and very effective denial of service attack.

Bill

--
Bill MacAllister
Systems Programmer, Stanford University
