[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
invalid GSS authcn crashes slapd (sasl.c) (ITS#2961)
Full_Name: Donn Cave
Version: 2.2.4
OS: Redhat Enterprise
URL:
Submission from: (NULL) (128.95.135.150)
$ bin/ldapsearch -h hostname -Y gssapi -X cn=myid cn=whatever
This value of -X is invalid (missing "dn:"). When slap_sasl_authorize() gets an
auxvals list
from prop_getnames(), the first entry's "values" field is null. AC_MEMCPY
crashes.
Something along the lines of the following seems to work better.
--- servers/slapd/sasl.c.dist 2003-12-29 10:10:40.000000000 -0800
+++ servers/slapd/sasl.c 2004-02-09 16:24:37.000000000 -0800
@@ -881,8 +881,12 @@
/* Skip PROP_CONN */
prop_getnames( props, slap_propnames+1, auxvals );
-
- AC_MEMCPY( &authcDN, auxvals[0].values[0], sizeof(authcDN) );
+ if (auxvals[0].values)
+ AC_MEMCPY( &authcDN, auxvals[0].values[0], sizeof(authcDN) );
+ else {
+ sasl_seterror( sconn, 0, "not authorized" );
+ return SASL_NOAUTHZ;
+ }
/* Nothing to do if no authzID was given */
if ( !auxvals[1].name || !auxvals[1].values ) {