Re: Net::LDAP::Extension::Refresh doesn't understand responce from server

Thu, 28 Dec 2017 04:10:58 -0800 

Hi Zeus,

Am Dienstag, 26. Dezember 2017, 14:49:10 CET schrieb Zeus Panchenko:
> while playing with refresh()/get_ttl() I found that
> Net::LDAP::Extension::Refresh doesn't understand OpenLDAP server reply
> in case when option dds-max-ttl is less than ttl I want to set with
> refresh()
> 
> if in slapd.conf I set `dds-max-ttl 1d' and try to refresh ttl ->
> 5754911 with:
> 
> ldapexop ... "refresh" "uid=..." 5754911
> 
> I receive:
> 
> ldap_parse_result: Size limit exceeded (4)
>                  additional info: time-to-live for dynamicObject exceeds limit
> 
> 
> but code with Net::LDAP::Extension::Refresh spawns this:
> 
> Use of uninitialized value $end in numeric ge (>=) at
> /usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 626. Use of
> uninitialized value $end in numeric eq (==) at
> /usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm line 63.
This error message looks like it is from Convert::ASN1
and complaining about the variable $end not being defined.

Have you tried patching usr/local/lib/perl5/site_perl/Convert/ASN1/_decode.pm?
Here's what I'd try as a first idea:

-------- 8< snip >8 --------
--- _decode.pm    2014-06-25 20:47:34.000000000 +0200
+++ _decode.pm  2017-12-28 12:56:46.360571473 +0100
@@ -49,6 +49,8 @@
   my ($optn, $ops, $stash, $pos, $end, $seqof, $larr) = @_;
   my $idx = 0;
 
+  $end = 0 unless defined $end;
+
   # we try not to copy the input buffer at any time
   foreach my $buf ($_[-1]) {
     OP:
@@ -623,6 +625,8 @@
 sub _decode_tl {
   my($pos,$end,$larr) = @_[1,2,3];
 
+  $end = 0 unless defined $end;
+
   return if $pos >= $end;                                                      
                                         
                                                                                
                                         
   my $indef = 0
-------- 8< snip >8 --------

Does it change the results?
PS: no warranty - it may affect other parts of perl-ldap as well


> after setting dds-max-ttl to some big enough value, same code works well
Do I get it right, that only the error case (i.e. setting the ttl to a higher 
value than allowed) fails, while the correct case (setting the ttl to a value 
within the bounds allowed) works?

In any case, can you provde a minimal test case that allows reporducing the
success and failure cases?!

Thanks in advance
PEter

-- 
Peter Marschall
[email protected]

Reply via email to