Your message dated Tue, 5 May 2009 12:39:52 -0400
with message-id <[email protected]>
and subject line Re: Bug#515952: libapache2-mod-ldap-userdir: segfault on 
anonymous bind
has caused the Debian Bug report #515952,
regarding libapache2-mod-ldap-userdir: segfault on anonymous bind
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
515952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515952
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache2-mod-ldap-userdir
Version: 1.1.14-1
Severity: important
Tags: patch


After upgrade from etch to lenny segfaults started to appear on access
to userdir URL.  This is result of libapache2-mod-ldap-userdir anonymous
bind configuration (works ok when LDAPUserDirDNInfo is configured).

I fixed this bug and everything seems to work as it used to.  Please see
attached patch.

-- System Information:
Debian Release: lenny/sid
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.4-elsinore (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-ldap-userdir depends on:
ii  apache2.2-common         2.2.9-10+lenny2 Apache HTTP Server common files
ii  libc6                    2.7-13          GNU C Library: Shared libraries
ii  libldap-2.4-2            2.4.11-1        OpenLDAP libraries

libapache2-mod-ldap-userdir recommends no packages.

libapache2-mod-ldap-userdir suggests no packages.
--- mod_ldap_userdir.c.orig	2008-10-09 15:53:09.000000000 +0200
+++ mod_ldap_userdir.c	2009-02-18 14:04:17.000000000 +0100
@@ -666,7 +666,10 @@
 
 #if LDAP_API_VERSION >= 2000
 	bindcred.bv_val = s_cfg->dn_pass;
-	bindcred.bv_len = strlen(s_cfg->dn_pass);
+	if (s_cfg->dn_pass != NULL)
+		bindcred.bv_len = strlen(s_cfg->dn_pass);
+        else
+		bindcred.bv_len = 0;
 	ret = ldap_sasl_bind_s(s_cfg->ld, s_cfg->ldap_dn, NULL, &bindcred, NULL, NULL, NULL);
 #else /* LDAP_API_VERSION >= 2000 */
 	ret = ldap_simple_bind_s(s_cfg->ld, s_cfg->ldap_dn, s_cfg->dn_pass);

--- End Message ---
--- Begin Message ---
fixed 515952 1.1.16-1
thanks

On Wed, Feb 18, 2009 at 02:29:36PM +0100, Adam Sloboda wrote:
> Package: libapache2-mod-ldap-userdir
> Version: 1.1.14-1
> Severity: important
> Tags: patch
> 
> After upgrade from etch to lenny segfaults started to appear on access
> to userdir URL.  This is result of libapache2-mod-ldap-userdir anonymous
> bind configuration (works ok when LDAPUserDirDNInfo is configured).

This was fixed upstream in 1.1.15 and in Debian in 1.1.16-1. Sorry for the
delay in notifying you; I forgot to mention this bug number in the changelog
for 1.1.16-1.

john
-- 
John Morrissey          _o            /\         ----  __o
[email protected]        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__


--- End Message ---

Reply via email to