[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sasl_encode type conflict in 64 bit builds (ITS#3212)



Your fix, I believe, is correct.  I've committed changes
based upon it to HEAD.  Please test.

Kurt

At 12:18 AM 6/29/2004, jeff.lewis29@verizon.net wrote:
>Full_Name: Jeff Lewis
>Version: 2.1.17
>OS: SunOS 5.8
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (192.127.94.7)
>
>
>I'm an open source novice and have run into a problem building the OpenLDAP
>clients on SunOS.  This very well could be a cockpit error on my part and I'd be
>delighted to learn that it's my error.
>
>I think I've stumbled upon a type conflict that's keeping the ldap client tools
>from working.  I just built the clients on my SunOS platform with is a big
>endian 64 bit machine.  When I run ldapsearch (and ldapwhoami...haven't tried
>the others but I suspect they'll do something similar), I get the following
>results:
>
>  $ ./ldapsearch -b "" -s base -h tnt80 -U djl -Y DIGEST-MD5
>  SASL/DIGEST-MD5 authentication started
>  Please enter your password:
>  SASL username: djl
>  SASL SSF: 128
>  SASL installing layers
>  # extended LDIF
>  #
>  # LDAPv3
>  # base <> with scope base
>  # filter: (objectclass=*)
>  # requesting: ALL
>  #
>
>  ldapsearch: ldap_search_ext: Can't contact LDAP server (81)
>  $
>
>I did a network trace and found that the bind was successful, but the very next
>write/send to the server carrying the search request had "run away" and was
>sending a massive amount of data.  After some study, I found my way into
>sb_sasl_write in the libraries/libldap/cyrus.c source module.  In it is a call
>to sasl_encode that is failing for me.  What's happening is the sasl_encode()
>call wants a pointer to an "unsigned int" and sb_sasl_write passes a pointer to
>a ber_len_t cast as "unsigned *".  The ber_len_t type wants to be "unsigned
>long" which is 8 bytes wide on my 64 bit machine.  The bottom line is
>sasl_encode stores 4 bytes of unsigned data into an 8 byte area, and since my
>machine is big endian, the resulting value is 2^^32 times bigger than it should
>be and the next write tries to send a huge amount of data.  If my machine were
>small endian, I wouldn't have noticed a problem.
>
>I figured that if there were a sasl_encode() call in the OpenLDAP source,
>there's probably a sasl_decode() call as well.  I found it in sb_sasl_read and
>sure enough, it suffers from the same problem.
>
>Knowing that I'm not running the latest OpenLDAP package, I downloaded the
>latest stable release (2.2.13, I think), configured it and examined the source. 
>I did not build the package.  But from desk checking the code and type
>definitions, it appears that this little problem of mine is still there.
>
>For now, I've added some code to copy the lengths into and out of an unsigned
>temp variable and passed a pointer to the temp to sasl_encode/decode.  The code
>is much happier and produces good results for me.
>
>Here's the original call to sasl_encode:
>
>        ret = sasl_encode( p->sasl_context, buf, len,
>                (SASL_CONST char **)&p->buf_out.buf_base,
>                (unsigned *)&p->buf_out.buf_size );
>
>Here's my kludged call:
>
>        temp = p->buf_out.buf_size;
>        ret = sasl_encode( p->sasl_context, buf, len,
>                (SASL_CONST char **)&p->buf_out.buf_base,
>                (unsigned *)&temp );
>        p->buf_out.buf_size = temp;
>
>I did something similar to the sasl_decode call in sb_sasl_read.
>
>If you're interested in the diffs:
>
>  $ diff cyrus.orig cyrus.c
>  227a228
>  >       unsigned                temp;
>  292a294
>  >       temp = p->buf_in.buf_end;
>  296c298,299
>  <               (unsigned *)&p->buf_in.buf_end );
>  ---
>  >               (unsigned *)&temp );
>  >         p->buf_in.buf_end = temp;
>  321a325
>  >       unsigned                temp;
>  350a355
>  >         temp = p->buf_out.buf_size;
>  353c358,359
>  <               (unsigned *)&p->buf_out.buf_size );
>  ---
>  >               (unsigned *)&temp );
>  >         p->buf_out.buf_size = temp;
>  $
>
>
>My ldapsearch is much much better after the changes, but I doubt seriously you'd
>want these particular changes in your code.  They're a bit of a kludge and are
>completely wasteful on 32 bit platforms.  But after making the changes above,
>here's what ldapsearch does for me (correctly, I presume):
>
>  $ ./ldapsearch -b "" -s base -h tnt80 -U djl -Y DIGEST-MD5
>  SASL/DIGEST-MD5 authentication started
>  Please enter your password:
>  SASL username: djl
>  SASL SSF: 128
>  SASL installing layers
>  # extended LDIF
>  #
>  # LDAPv3
>  # base <> with scope base
>  # filter: (objectclass=*)
>  # requesting: ALL
>  #
>
>  #
>  dn:
>  objectClass: top
>  objectClass: OpenLDAProotDSE
>
>  # search result
>  search: 3
>  result: 0 Success
>
>  # numResponses: 2
>  # numEntries: 1
>  $
>
>I've searched the archives and did not see anything that caused me to think
>someone else was having a similar problem.  But then, being an open source
>novice, I could have very easily missed something important.  :-)  I do hope
>this is enough information for you to go on.  If not, email me and I'll fill in
>any missing blanks.  Like I said, I'd be very happy to learn that the error is
>mine.