Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28370

Prevent LDAP authorization crash when parsing null valued attributes

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.4.3, 3.5.5
    • Affects Version/s: 3.4.2
    • Component/s: Internal Client
    • Labels:
    • Fully Compatible
    • ALL
    • v3.4
    • Platforms 2017-03-27

      RFC4511 allows LDAP searches to return empty attributes which have no values:

      4.1.7. Attribute and PartialAttribute

      Attributes and partial attributes consist of an attribute description
      and attribute values. A PartialAttribute allows zero values, while
      Attribute requires at least one value.

      PartialAttribute ::= SEQUENCE {
      type AttributeDescription,
      vals SET OF value AttributeValue }

      4.5.2. Search Result

      The results of the Search operation are returned as zero or more
      SearchResultEntry and/or SearchResultReference messages, followed by
      a single SearchResultDone message.

      SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
      objectName LDAPDN,
      attributes PartialAttributeList }

      PartialAttributeList ::= SEQUENCE OF
      partialAttribute PartialAttribute

      SearchResultReference ::= [APPLICATION 19] SEQUENCE
      SIZE (1..MAX) OF uri URI

      SearchResultDone ::= [APPLICATION 5] LDAPResult

      Servers conforming to this specification do not need to return any values for a particular attribute.

      libldap appears to return a NULL pointer when ldap_get_values_len is called for an attribute without values, instead of an array containing a NULL pointer. libldap more commonly returns a NULL pointer on error. However, this condition is not considered an error, so no result code is set on the LDAP session handle.

      We should correctly handle this case.

            spencer.jackson@mongodb.com Spencer Jackson
            spencer.jackson@mongodb.com Spencer Jackson
            0 Vote for this issue
            3 Start watching this issue