Bug#679343: Fwd: [rt.cpan.org #84888] Segfaults when adding or deleting tainted values

Xavier x.guimard at free.fr
Sun May 19 10:37:28 UTC 2013


-------- Original Message --------
Subject: [rt.cpan.org #84888] Segfaults when adding or deleting tainted values
Date : Sun, 19 May 2013 05:36:31 -0400
From : Peter Marschall via RT <bug-perl-ldap at rt.cpan.org>
Reply to : bug-perl-ldap at rt.cpan.org
To : x.guimard at free.fr
Copy to : waoki at umnh.utah.edu

<URL: https://rt.cpan.org/Ticket/Display.html?id=84888 >

Hi,

On Mon May 13 17:52:41 2013, waoki at umnh.utah.edu wrote:
> When I modify it to use Authen::SASL so that I can authenticate using
> GSSAPI, it crashes with a segmentation fault. If I set things up so that
> I can authenticate to the server without GSSAPI, it does not crash.

you got me interested ;-)

So I built a Kerberos installation and rewrote the script:

------- BEGIN EXAMPLE -------
#!/usr/bin/perl -w -T
use Net::LDAP;
use Authen::SASL qw(Cyrus);                     # CHECK A: switch between Perl & Cyrus
use Net::LDAP::Entry;

die("Usage $0 <carLicense>\n")  unless @ARGV;

my $ldap = Net::LDAP->new('ldap://SERVER.DOMAIN') or die($@);
my $sh = Authen::SASL->new(mechanism => 'GSSAPI') or die "Can't get SASL handle\n";
#$sh = $sh->client_new('ldap', 'SERVER.DOMAIN');                # CHECK B: (un)comment this line
my $mesg = $ldap->bind('cn=MANAGER,DC=ADPM,DC=DE', sasl => $sh);
die "LDAP bind failed: ".$mesg->error.' ('.$mesg->code.')'  if $mesg->code;

my $entry = Net::LDAP::Entry->new('cn=TEST-USER,DC=ADPM,DC=DE');
$entry->changetype('modify');
$entry->add(carLicense => $ARGV[0]);
$mesg = $entry->update($ldap);
print "Sorry, segmentation fault cannot be reproduced\n";
die "LDAP modify failed: ".$mesg->error.' ('.$mesg->code.')'  if $mesg->code;
------- END EXAMPLE -------

Using this updated script I tried to reproduce the segfault, again using
perl-ldap 0.55 on Perl v5.14.2.

In none of my tests was I able to reproduce a segmentation fault.

But there were different outcomes depending on the different
combinations of the checks named CHECK A & CHECK B above:
* when using 'qw(Perl)' in CHECK A, the script ran successfully regardless
  of whether client_new() was called in CHECK B or not
* when using 'qw(Cyrus)' in CHECK A and calling client_new() in the script,
  the script finished without problems too.
* only when using 'qw(Cyrus)' in CHECK A and not calling client_new() in the
  script [i.e. in exactly the configuration as shown above], the script died
  in line 12 with the message
    "LDAP bind failed: generic failure (82) at ./crashit.pl line 12, <DATA> line 747."
  But it did not segfault.

I guess the root cause here is that Authen::SASL::Cyrus cannot deal with
an IP address as SASL host.
The workaround here is to call client_new yourself.
This is documented in the bind section of the Net::LDAP man page.

Can you please test this updated script with all the 4 cases of CHECK A & B
and report the individual results?

Best
Peter


