[SERVER-28370] Prevent LDAP authorization crash when parsing null valued attributes Created: 17/Mar/17 Updated: 05/Apr/17 Resolved: 17/Mar/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Client |
| Affects Version/s: | 3.4.2 |
| Fix Version/s: | 3.4.3, 3.5.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v3.4
|
||||||||
| Sprint: | Platforms 2017-03-27 | ||||||||
| Participants: | |||||||||
| Description |
|
RFC4511 allows LDAP searches to return empty attributes which have no values:
Servers conforming to this specification do not need to return any values for a particular attribute. libldap appears to return a NULL pointer when ldap_get_values_len is called for an attribute without values, instead of an array containing a NULL pointer. libldap more commonly returns a NULL pointer on error. However, this condition is not considered an error, so no result code is set on the LDAP session handle. We should correctly handle this case. |
| Comments |
| Comment by Githook User [ 17/Mar/17 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: (cherry picked from commit 37c0edb1a50590e7591412b1fcc308dd85348f24) |
| Comment by Githook User [ 17/Mar/17 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |