[Date Prev][Date Next] [Chronological] [Thread] [Top]

invalid GSS authcn crashes slapd (sasl.c) (ITS#2961)



Full_Name: Donn Cave
Version: 2.2.4
OS: Redhat Enterprise
URL: 
Submission from: (NULL) (128.95.135.150)


$ bin/ldapsearch -h hostname -Y gssapi -X cn=myid cn=whatever

This value of -X is invalid (missing "dn:").  When slap_sasl_authorize() gets an
auxvals list
from prop_getnames(), the first entry's "values" field is null.  AC_MEMCPY
crashes.

Something along the lines of the following seems to work better.

--- servers/slapd/sasl.c.dist   2003-12-29 10:10:40.000000000 -0800
+++ servers/slapd/sasl.c        2004-02-09 16:24:37.000000000 -0800
@@ -881,8 +881,12 @@
 
        /* Skip PROP_CONN */
        prop_getnames( props, slap_propnames+1, auxvals );
-
-       AC_MEMCPY( &authcDN, auxvals[0].values[0], sizeof(authcDN) );
+       if (auxvals[0].values)
+               AC_MEMCPY( &authcDN, auxvals[0].values[0], sizeof(authcDN) );
+       else {
+               sasl_seterror( sconn, 0, "not authorized" );
+               return SASL_NOAUTHZ;
+       }
 
        /* Nothing to do if no authzID was given */
        if ( !auxvals[1].name || !auxvals[1].values ) {