From 956309e24c32cd0886736bf065a27d5bdd200a77 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 21 Feb 2013 13:12:25 +0100 Subject: sysdb: try dealing with binary-content attributes https://fedorahosted.org/sssd/ticket/1818 I have here a LDAP user entry which has this attribute loginAllowedTimeMap:: AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA In the function sysdb_attrs_add_string(), called from sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is the wrong thing to do. The result of strlen is then used to populate the .v_length member of a struct ldb_val - and this will set it to zero in this case. (There is also the problem that there may not be a '\0' at all in the blob.) Subsequently, .v_length being 0 makes ldb_modify(), called from sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End result is that users do not get stored in the sysdb, and programs like `id` or `getent ...` show incomplete information. The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave fine, but that may not mean that is the absolute lower boundary of introduction of the problem. --- src/db/sysdb.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/db/sysdb.h') diff --git a/src/db/sysdb.h b/src/db/sysdb.h index fff97a8aa..23cbbb0d4 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -250,6 +250,8 @@ int sysdb_attrs_add_val(struct sysdb_attrs *attrs, const char *name, const struct ldb_val *val); int sysdb_attrs_add_string(struct sysdb_attrs *attrs, const char *name, const char *str); +int sysdb_attrs_add_mem(struct sysdb_attrs *, const char *, + const void *, size_t); int sysdb_attrs_add_bool(struct sysdb_attrs *attrs, const char *name, bool value); int sysdb_attrs_add_long(struct sysdb_attrs *attrs, -- cgit