#1818 LDAP provider doesn't save binary attributes correctly
Closed: Fixed None Opened 8 years ago by jhrozek.

This problem was reported and fixed by Jan Engelhardt. Below is a summary copied from his commit message:

I have here a LDAP user entry which has this attribute

loginAllowedTimeMap::
 AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA

In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)

Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
id or getent show incomplete information.

The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.


patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.9.5

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2860

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata