Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-6342

OpenLDAP NULL target assertion crashes Zabbix server when no DIT has been defined.

    Details

      Description

      bug in src/libs/zbxsysinfo/simple/simple.c
      static int check_ldap(const char *host, unsigned short port, int timeout, int *value_int)

      if cn=config is populated and slapd is running but there has yet to be a dit added to the database the following line will return null

      attr = ldap_first_attribute(ldap, msg, &ber);

      which causes the following

      valRes = ldap_get_values(ldap, msg, attr);

      to pass a null parameter to the ldap library which causes an assertion to be raised.

      the result of this assertion being raised causes the entire zabbix server to crash hard until restarted.

      This is due the fact that namingContexts isn't yet populated for the null dn.

      ldapsearch -H ldapi:/// -Y EXTERNAL -b '' -s base namingContexts

      1. extended LDIF
        #
      2. LDAPv3
      3. base <> with scope baseObject
      4. filter: (objectclass=*)
      5. requesting: namingContexts
        #

      #
      dn:

      1. search result
        search: 2
        result: 0 Success
      1. numResponses: 2
      2. numEntries: 1

      This can all be avoided by continuing the checks which are done above the impacted line

      if (NULL == (attr = ldap_first_attribute(ldap, msg, &ber))

      { zabbix_log(LOG_LEVEL_DEBUG, "LDAP - empty first entry result. [%s] [%s]", host, ldap_err2string(ldapErr)); goto lbl_ret; }

      It should be unneeded to wrap the final ldap call
      valRes = ldap_get_values(ldap, msg, attr);
      as even if this returns null the result is not used further down.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              russelljancewicz Russell Jancewicz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: