Re: (ITS#9175) ldapsearch segfault
footnote: In my first followup, I intended to write "as I am quite
UNaccustomed to working with the data"
Cheers
On Fri, Feb 21, 2020 at 3:27 PM Lexi Haley <lhaley@meditech.com> wrote:
> FOUND THE ISSUE! So - in GDB, while paused in the "{mM}" processing that
> ber_scanf does (called from ldap_get_attribute_ber), I kept seeing the
> variable arguments list not properly setting off --- and sure enough,
> digging in memory, on the stack was 0x100000000 ... which was the cause of
> the eventual segfault.
>
> Well, backtracking to the ber_scanf call itself, I see a zero 0 which
> isn't cast to the ber_len_t type, and as such, will only occupy 4 bytes as
> a sizeof int - instead of (on my system) 8, for sizeof (ber_len_t). So -
> the solution was just to cast the argument. So that the cookie.off =
> va_arg( ap, ber_len_t ); will unpack only bytes we've intentionally sent it
> -- not garbage left over.
>
> So - the change suggested is:
>
>
> diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c
> index 31784d765..0300ea574 100644
> --- a/libraries/libldap/getattr.c
> +++ b/libraries/libldap/getattr.c
> @@ -147,7 +147,7 @@ ldap_get_attribute_ber( LDAP *ld, LDAPMessage *entry,
> BerElement *ber,
>
> /* skip sequence, snarf attribute type */
> tag =3D ber_scanf( ber, vals ? "{mM}" : "{mx}", attr, val=
s,
> - &siz, 0 );
> + &siz, (ber_len_t)0 );
> if( tag =3D=3D LBER_ERROR ) {
> rc =3D ld->ld_errno =3D LDAP_DECODING_ERROR;
> }
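Review bot: the `(ber_len_t)0` cast on the last `ber_scanf` argument fixes this call, but the hunk leaves no comment saying why it is needed, so a later cleanup could drop it as redundant. Suggest a short comment above the call noting that `ber_scanf` is variadic and reads this argument with `va_arg( ap, ber_len_t )`, so the literal must be passed at that width; a local `ber_len_t off = 0;` passed by name would make the same point without a cast. The same bare-literal pattern is worth checking at any other `ber_scanf` call that uses the `M` format.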
>
>
> I hope you can take this haphazard issue submit, and do whatever is right
> with it - to get this patch considered. Thanks!
>
>
>
> On Fri, Feb 21, 2020 at 1:06 PM Lexi Haley <lhaley@meditech.com> wrote:
>
>> continuing notes - as I am quite accustomed to working with the data
>> structures and processes for LDAP - my hacky fudge was just that - and also
>> useless. By bailing out at that point, ldapsearch doesn't list the
>> tag=value results. I am continuing to dig around ...
>>
>> Lexi
>>
>> On Thu, Feb 20, 2020 at 3:09 PM <openldap-its@openldap.org> wrote:
>>
>>>
>>> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>>>
>>> Thanks for your report to the OpenLDAP Issue Tracking System. Your
>>> report has been assigned the tracking number ITS#9175.
>>>
>>> One of our support engineers will look at your report in due course.
>>> Note that this may take some time because our support engineers
>>> are volunteers. They only work on OpenLDAP when they have spare
>>> time.
>>>
>>> If you need to provide additional information in regards to your
>>> issue report, you may do so by replying to this message. Note that
>>> any mail sent to openldap-its@openldap.org with (ITS#9175)
>>> in the subject will automatically be attached to the issue report.
>>>
>>> mailto:openldap-its@openldap.org?subject=(ITS#9175)
>>>
>>> You may follow the progress of this report by loading the following
>>> URL in a web browser:
>>> http://www.OpenLDAP.org/its/index.cgi?findid=9175
>>>
>>> Please remember to retain your issue tracking number (ITS#9175)
>>> on any further messages you send to us regarding this report. If
>>> you don't then you'll just waste our time and yours because we
>>> won't be able to properly track the report.
>>>
>>> Please note that the Issue Tracking System is not intended to
>>> be used to seek help in the proper use of OpenLDAP Software.
>>> Such requests will be closed.
>>>
>>> OpenLDAP Software is user supported.
>>> http://www.OpenLDAP.org/support/
>>>
>>> --------------
>>> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>>>
>>>
>>
>> --
>>
>> Lexi Haley (she/her/hers)
>>
>> Computer Scientist, System Tools, Advanced Technology Division
>>
>> Medical Information Technology, Inc.
>>
>> Office: 781-774-5156 | Mobile: 508-713-2499
>>
>> lhaley@meditech.com
>>
>> MEDITECH Circle, Westwood, MA 02090
>>
>> Main: 781-821-3000 | Fax: 781-821-2199
>>
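The argument-width mismatch described in the quoted message, as an added example that is not part of the original thread or of OpenLDAP's code. `demo_len_t`, `slot_after_int_store`, `scan_offset` and `scan_attr_offset` are hypothetical names; the format handling is a simplified model of the `"{mM}"` call, and `demo_len_t` is assumed to be 8 bytes like `ber_len_t` on the reporter's system.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in for ber_len_t, assumed 8 bytes wide as on the reporter's system. */
typedef uint64_t demo_len_t;

/* Model of the failure: an 8-byte argument slot already holds stale data and
 * the caller writes only a 4-byte int into its low half. Returns what an
 * 8-byte va_arg(ap, demo_len_t) style read of that slot would observe. */
uint64_t slot_after_int_store(uint64_t stale, int value)
{
    uint64_t high = stale & UINT64_C(0xFFFFFFFF00000000);
    return high | (uint32_t)value;
}

/* Simplified variadic reader in the style of the "{mM}" call: 'm' consumes
 * one pointer, 'M' consumes two pointers and then an offset of demo_len_t.
 * The callee cannot check what type the caller actually passed. */
demo_len_t scan_offset(const char *fmt, ...)
{
    va_list ap;
    demo_len_t off = 0;

    va_start(ap, fmt);
    for (; *fmt != '\0'; fmt++) {
        if (*fmt == 'm') {
            (void)va_arg(ap, void *);
        } else if (*fmt == 'M') {
            (void)va_arg(ap, void *);
            (void)va_arg(ap, void *);
            off = va_arg(ap, demo_len_t);   /* must match the caller's type */
        }
    }
    va_end(ap);
    return off;
}

/* Typed wrapper: the prototype converts any integer argument to demo_len_t
 * before it reaches the variadic call, so a bare 0 is safe here. */
demo_len_t scan_attr_offset(void *attr, void *vals, demo_len_t *siz,
                            demo_len_t off)
{
    return scan_offset("{mM}", attr, vals, (void *)siz, off);
}
```

Routing callers through a prototyped wrapper like `scan_attr_offset` moves the width conversion to a place the compiler enforces, which a cast at each variadic call site cannot guarantee.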