https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204566 Summary: Adjustment for new LDAP C SDK Product: Fedora Directory Server Version: 1.0.2 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: Directory Server AssignedTo: nhosoi@xxxxxxxxxx ReportedBy: nhosoi@xxxxxxxxxx QAContact: ohegarty@xxxxxxxxxx CC: ohegarty@xxxxxxxxxx Estimated Hours: 0.0 Description of problem: LDAP C SDK function -- ber_get_next_buffer_ext's API has been changed since the Sun code merge. (See also https://bugzilla.mozilla.org/show_bug.cgi?id=347933) We need to update the connection code to adjust. ber_get_next_buffer_ext in mozilla/directory/c-sdk/ldap/libraries/liblber/io.c Original: /* * Returns the tag of the message or LBER_DEFAULT if an error occurs. There * are two cases where LBER_DEFAULT is returned: * * 1) There was not enough data in the buffer to complete the message; this * is a "soft" error. In this case, *Bytes_Scanned is set to a positive * number. * * 2) A "fatal" error occurs. In this case, *Bytes_Scanned is set to zero. * To check for specific errors, the system error number (errno) must * be consulted. These errno values are explicitly set by this * function; other errno values may be set by underlying OS functions: * * EINVAL - LBER_SOCKBUF_OPT_VALID_TAG option set but tag does not match. * EMSGSIZE - length was not represented as <= sizeof(long) bytes or the * LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option was set and the * message is longer than the maximum. *len will be set in * the latter situation. */ New: /* * Returns the tag of the message or LBER_ return code if an error occurs. * * If there was not enough data in the buffer to complete the message this * is a "soft" error. In this case, *Bytes_Scanned is set to a positive * number and return code is set to LBER_DEFAULT. * * On overflow condition when the length is either bigger than ber_uint_t * type or the value preset via LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option, * *Bytes_Scanned is set to zero and return code is set to LBER_OVERFLOW. * * For backward compatibility errno is also set on these error conditions: * * EINVAL - LBER_SOCKBUF_OPT_VALID_TAG option set but tag doesnt match. * EMSGSIZE - an overflow condition as described above for LBER_OVERFLOW. */ ------- Additional Comments From nhosoi@xxxxxxxxxx 2006-08-29 21:26 EST ------- Created an attachment (id=135178) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=135178&action=view) cvs diff ldapserver/ldap/servers/slapd/connection.c File: ldapserver/ldap/servers/slapd/connection.c Changes:1) When ber_get_next_buffer_ext fails, not just LBER_DEFAULT but LBER_OVERFLOW can be set to the ber tag. Thus, LBER_OVERFLOW is also
checked in the error check now. 2) The too large length error used be checked as "errno == EMSGSIZE", which is replaced with "tag == LBER_OVERFLOW" 3) When the too large length error occurs, the following error was loggedin the errors log, which was not appropriate since increasing nsslapd-maxbersize did not solve the problem. connection - conn=7 fd=65 Incoming BER Element was too long, max allowable is 2097152 bytes. Change the nsslapd-maxbersize attribute in cn=config to increase.
Removed the error logging.
4) When the error occurs, B2 (== SLAPD_DISCONNECT_BER_TOO_BIG) is added
at the end of the closed error in the access log. Error code EMSGSIZE
and its description has been added:
conn=7 op=-1 fd=65 closed error 90 (Message too long) - B2
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
