Hi, Thanks for the peek.
Looking at the code I think none of the fields get checked against NULL. I believe this came with the Introduction of a simple LDAP-Authentication model (ldap-connect), which does not rely on rules being stored in the ldapd. I will consider checking the keys available in the config file before actually applying them. Depending on the ldap and ldap-connect method different keys need to be present. Enjoy, Felix On Thursday 31 May 2012 18:17:37 rm4dillo D wrote: > After activating LDAP authentication on OpenVAS, OpenVAS Manager > (openvasmd) was crashing after every successful authentication. > > Backtrace (gdb): > > #0 0x000002aaac9f787a in ?? () from /lib/libc.so.6 > #1 0x000002aaadad98a1 in ldap_auth_query_rules (ldap=0x65e8e60, > auth_info=0x65fe220, dn=<value optimized out>, > username=<value optimized out>) at > openvas-libraries-5.0.1/misc/ldap_auth.c:504 > > (gdb) p ((struct ldap_auth_info *) 0x65fe220)->ruletype_attribute > $1 = (gchar *) 0x0 > > > "auth_info->ruletype_attribute" is NULL when the "ruletype-attribute" > key is not set in ".auth.conf" file and it's value is not checked > before calling "strcmp" at "ldap_auth.c:504" thus producing a NULL > pointer dereference. Maybe this could be solved by calling > "openvas_auth_write_config" in "openvas_auth.c" before > "ldap_auth_info_from_key_file" in order to set the default values. > > As a "workaround", one should simply keep the "ruletype-attribute" key > set in the ".auth.conf" as it is in "example.auth.conf" :). > _______________________________________________ > Openvas-discuss mailing list > [email protected] > http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
