[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3657) HDB DoS - client can hang slapd server by moving an entry

To: openldap-its@OpenLDAP.org
Subject: (ITS#3657) HDB DoS - client can hang slapd server by moving an entry
From: aciancone@masobit.net
Date: Thu, 14 Apr 2005 16:43:28 GMT

Full_Name: Andrea Ciancone
Version: 2.2.23
OS: Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.206.187.19)


By moving an entry under itself, using ldap_modrdn2, slapd completely hangs.
The only solution is to kill -9 slapd. 
As an example, by moving:

         cn=foo,cn=bar into cn=agor,cn=foo,cn=bar

slapd stops answering queries. I've tryed it several times, 
and I can sistematically reproduce the problem. I use 
Net::LDAP from CPAN, and run something like:

  $ldap->moddn("cn=foo,cn=bar", newrdn => "cn=agor", 
        deleteoldrdn => 1, newsuperior => "cn=foo,cn=bar");

Any client having write access to any slapd server 
using HDB can completely make the server unusable. 
It is even necessary to run db_recover every time 
this happens.

Cheers,
Andrea

Prev by Date: Re: (ITS#3616) Syncrepl and rootless installations
Next by Date: (ITS#3658) libldap fails to Bind to a server on Windows
Index(es):
- Chronological
- Thread