[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Finally solved ldapsearch Can't contact LDAP server
Looks like a good catch, probably addresses #1181 but I think the other two
are unrelated.
I'll commit this to HEAD in a moment.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of Mark Adamson
> Sent: Thursday, May 06, 2004 1:45 PM
> To: openldap-bugs@OpenLDAP.org
> Subject: Finally solved ldapsearch Can't contact LDAP server
>
>
> Hello
>
> Finally! I found it. This had been bugging me for years.
> When I made an
> ldapsearch that would return hundreds or thousands of
> entries, I would get
> some of the results and then the client would say
>
> Can't contact LDAP server (81)
>
> It would only happen when SASL encryption was turned on.
>
> Digging into how liblber reads encrypted packets, I see that
> it loads the
> encrypted message size first and checks that it's reasonable,
> then loads
> the encrypted message (SASL encoding puts the length as the first 4
> bytes).
>
> What I found is that the 4 bytes of the length are loaded in a while()
> loop to get all 4 bytes. THE PROBLEM is if the first read
> comes up short
> of 4 bytes, it tries to read the remaining bytes of the
> quartet, but it
> does NOT advance the pointer into which the bytes are read.
>
> The fix is in liblber.c/cyrus.c in sb_sasl_read():
>
>
> /* Read the length of the packet */
> while ( p->sec_buf_in.buf_ptr < 4 ) {
> - ret = LBER_SBIOD_READ_NEXT( sbiod,
> p->sec_buf_in.buf_base,
> + ret = LBER_SBIOD_READ_NEXT( sbiod,
> p->sec_buf_in.buf_base +
> + p->sec_buf_in.buf_ptr,
> 4 - p->sec_buf_in.buf_ptr );
> #ifdef EINTR
> if ( ( ret < 0 ) && ( errno == EINTR ) )
> continue;
> #endif
> if ( ret <= 0 )
> return bufptr ? bufptr : ret;
>
> p->sec_buf_in.buf_ptr += ret;
> }
>
>
>
> I think this may be the solution to ITS #1181, #2490, and #2944.
>
>
> -Mark Adamson
> Carnegie Mellon University
>
>
>