#1818 LDAP provider doesn't save binary attributes correctly
Closed: Fixed None Opened 6 years ago by jhrozek.

This problem was reported and fixed by Jan Engelhardt. Below is a summary copied from his commit message:

I have here an LDAP user entry which has this attribute

loginAllowedTimeMap::
 AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA

In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)

Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
id or getent show incomplete information.

The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.
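
The failure described in the commit message can be reproduced with the attribute value quoted above. The following is an added example, not code from SSSD or from the fix; `struct blob_val` and the helper names are hypothetical stand-ins for a length-carrying value type.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length+pointer pair standing in for the ldb/LDAP value types. */
struct blob_val { const uint8_t *data; size_t length; };

/* loginAllowedTimeMap value from the ticket, base64 as LDIF "::" prints it. */
static const char TIME_MAP_B64[] =
    "AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA";

/* Decode unpadded base64 (length a multiple of 4); returns bytes written, 0 on error. */
static size_t b64_decode(const char *in, uint8_t *out, size_t cap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = strlen(in), o = 0;
    if (n % 4 != 0 || n / 4 * 3 > cap) return 0;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t v = 0;
        for (int k = 0; k < 4; k++) {
            const char *p = strchr(tbl, in[i + k]);
            if (p == NULL) return 0;
            v = (v << 6) | (uint32_t)(p - tbl);
        }
        out[o++] = (uint8_t)(v >> 16);
        out[o++] = (uint8_t)(v >> 8);
        out[o++] = (uint8_t)v;
    }
    return o;
}

/* Pattern from the ticket: length taken with strlen(), which stops at the first 0x00. */
static struct blob_val val_from_string(const uint8_t *buf) {
    return (struct blob_val){ buf, strlen((const char *)buf) };
}

/* Binary-safe: keep the length that arrived with the value. */
static struct blob_val val_from_blob(const uint8_t *buf, size_t len) {
    return (struct blob_val){ buf, len };
}

int main(void) {
    uint8_t buf[64] = {0};   /* zero-filled so strlen() always finds a terminator */
    size_t len = b64_decode(TIME_MAP_B64, buf, sizeof(buf) - 1);
    printf("strlen-based length: %zu\n", val_from_string(buf).length);
    printf("real length:         %zu\n", val_from_blob(buf, len).length);
    return 0;
}
```

The value decodes to 42 bytes whose first byte is 0x00, so the `strlen()`-based length is 0 while the binary-safe length is 42.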


patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.9.5

2 years ago
