[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4875) fix for bug in passfile.c -- infinite loop when password file is pipe/FIFO/tty/etc
Full_Name: Mark Seecof
Version: 2.3.34
OS: Linux
URL: ftp://ftp.openldap.org/incoming/MARK-SEECOF-070313.patch
Submission from: (NULL) (151.152.101.44)
When you ask an OpenLDAP tool such as ldapsearch(1) to read a password from a
file which is a pipe, FIFO, tty/pty, or other special file, the tool will go
into an infinite loop in function lutil_get_filed_password() (from
libraries/liblutil/passfile.c).
The problem is a bug in lutil_get_filed_password(): it calls fstat() on the
password file, then enters a loop attempting to read st_size bytes from the file
until it reaches EOF. For pipes, FIFO's, tty's, etc. st_size is typically 0, so
the loop never finishes--you may read 0 bytes from the file an infinite number
of times without ever reaching the end! (Actually, fread(,,0,) is a no-op.)
This bug only requires a one-line fix (though I actually propose to change two
lines). We simply eliminate the check on st_size and attempt to read a
buffer-full of bytes. The existing code cheerfully copes with that many bytes,
fewer, or more...
(My second change is to the default buffer size, to make it more efficient.)
SIMPLE LINUX 2.6 TEST CASE
echo -n "password" | ldapsearch -U user -Y Digest-MD5 -y /dev/stdin
'(foo=bar)'
GENERIC UNIX/LINUX TEST CASE
mknod pw_fifo p
echo -n "password" > pw_fifo &
ldapsearch -U user -Y Digest-MD5 -y pw_fifo '(foo=bar)'
Please retrieve my patch from MARK-SEECOF-070313.patch
I, Mark Seecof, hereby place the modifications to OpenLDAP Software I supply in
MARK-SEECOF-070313.patch (and only these modifications) into the public domain.
Hence, these modifications may be freely used and/or redistributed for any
purpose with or without attribution and/or other notice.