httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31898] - Potential crash in util_ldap_cache_checkuserid
Date Mon, 01 Nov 2004 14:32:02 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31898>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31898

Potential crash in util_ldap_cache_checkuserid





------- Additional Comments From jah@progress.com  2004-11-01 14:32 -------
The comment about password verifying on line 983 of the patched v2.1 util_ldap.c
should probably be removed. Otherwise your util_ldap_cache_getuserdn() looks
pretty much the same as my version of the same function for Apache 2.0.52.

In my version of mod_auth_ldap_auth_checker() I check that the request has a
username before starting to create the req structure. Not sure if this affects
the end result (failing authorization) but it should make troubleshooting easier:
***************
*** 529,534 ****
--- 529,541 ----
       * and populated with the userid and DN of the account in LDAP
       */
  
+     /* Check that we have a userid to start with */
+     if ((!r->user) || (strlen(r->user) == 0)) {
+         ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
+             "ldap authorize: Userid is blank, AuthType=%s",
+             r->ap_auth_type);
+     }
+ 
      if(!req) {
          ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
              "ldap authorize: Creating LDAP req structure");

On line 912 of patched v2.1 util_ldap.c there is this code:
        if ((search_nodep == NULL) ||
            (strcmp(*binddn, search_nodep->dn) != 0)) {

            /* Nothing in cache, insert new entry */
            util_ald_cache_insert(curl->search_cache, &the_search_node);

Shouldn't the existing cache entry be removed before if the dn of the cache
entry does not match dn of the ldap search result ? Otherwise this will insert a
duplicate entry in the cache.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message