[Ldapdns-devel] Patch against ldapdns 2: crash on malformed DNS requests
From: Tobia C. <tob...@li...> - 2005-03-23 15:15:18
Dear ldapdns author,

(CC to Debian Maintainer and to ldapdns 3 development mailing list)

I have encountered a few problems while trying to set up and use ldapdns 2.05, not the least of them having to do with the messy and incomplete documentation! Nonetheless I thank you much for your work, because I think yours is all-around the best ldap-to-dns solution available today.

I managed to solve one of the (non-documentation related) problems I found. Here is an explanation and a patch, which the Debian maintainer and the ldapdns 3 development team might be interested in discussing or applying on their own.

I'm still working on other problems and I will notify you if/when I come to any valuable conclusion or piece of code.

Description: malformed DNS requests get accepted by ldapdns and become malformed LDAP queries. The ldap server answers with an appropriate but uncommon error, which makes ldapdns panic and restart itself.

Steps to reproduce:

    host "<malformed.com" 127.0.0.1

Result:

    ldapdns[14995]: ldap_result (zonesearch): Invalid DN syntax
    ldapdns[15133]: starting ldapdns 2.05 (1:1/128)

(Note: this problem is not related to 1:1 mode or absence thereof.)

Solution: make ldapdns reject DNS queries for domains which include any character not in the [a-zA-Z0-9.-] range.

Patch: attached below.

I only have a vague understanding of the DNS protocol and of ldapdns internals. If my patch goes against any RFC or other protocol specification, please consider working on an appropriate solution. Anyways this is a real problem that plagued my ldapdns server until I patched it with this solution, so it is not something to overlook.

Best regards
Tobia Conforto

--
Love(n): The delusion that one woman differs from another.
H.L. Mencken

--- ldapdns-2.06.orig/engine.c 2005-03-22 20:50:24.000000000 +0100 +++ ldapdns-2.06/engine.c 2005-03-22 20:48:37.000000000 +0100 
@@ -695,6 +695,16 @@ /* q is valid: safe */ dns_to_name(sa, q, 0); + /* check that the query string does not contain funny characters */ + for (r = 0; str(sa)[r]; r++) { + if (((str(sa)[r] | 32) < 'a' || (str(sa)[r] | 32) > 'z') + && (str(sa)[r] < '0' || str(sa)[r] > '9') + && str(sa)[r] != '-' && str(sa)[r] != '.') { + /* invalid query: return an error BEFORE asking ldap */ + complete_phase(c, '/'); + return; + } + } if (ldapdns.dn_mode == DN_MODE_LDAPDNS) { str_init(sb); str_copy(sb, "(|(associatedDomain="); |
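
Review bot: the allowlist in the added `for` loop (letters, digits, `-`, `.`) has no `_`, so a query for an underscore-labelled name, such as the `_service._proto` owner names used by SRV records, takes the `complete_phase(c, '/')` error path before LDAP is ever consulted. If this server is expected to resolve such names, add `&& str(sa)[r] != '_'` to the condition; otherwise say in the comment that the restriction is deliberate. The condition would be easier to audit with the byte read once into a local instead of six `str(sa)[r]` evaluations, and the `| 32` case fold deserves a short comment of its own. The counter `r` is not declared in this hunk, so confirm that the existing variable it reuses is not still needed with its earlier value after the loop. This also guards only this one call site: the context line `str_copy(sb, "(|(associatedDomain=");` shows the name going into an LDAP filter string, so any other path that builds a filter or DN from a query name needs the same check, which argues for putting it in a shared helper.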