Dailydave mailing list archives
??? Sun Directory Server 5.2 fun ???
From: payothl () free fr
Date: Fri, 10 Feb 2006 09:32:41 +0100
Hi Evgeny,

I tried your "ProtoVer LDAP" on the last DS5.2Patch4 but without success.

It appears from the error message that the Directory Server shut itself down after trying to allocate 1.6GB of memory after receiving a 40K request from a client. From the sample packet provided, it was a subtree search request with a base DN of "dc={40,000 plus signs},dc=example,dc=com" with a filter of "(foo=*)". The search base DN is technically malformed, but even if that's the case, then it is no excuse for causing the Directory Server to allocate an excessive amount of memory and shut itself down.

However, I have tested this issue on both Solaris and Linux and have been unable to reproduce it. I am sending exactly the same request as contained in the e-mail message describing the problem, but I can't seem to make the server try to allocate a significant amount of memory, shut down, or become unresponsive in any way.

I will say that the behavior of the Directory Server is not entirely correct in that it never sends a response to the client, but it will eventually terminate the client connection. It appears that the length of time before the server closes the connection to the client is equal to two times the configured value of the nsslapd-ioblocktimeout attribute.

There is a legitimate way to exploit this problem that I haven't discovered yet. I think that there is a little bit more configuration required before this can be exercised.

If you can reproduce this problem for yourself and provide me with the details regarding how you were able to do so, I will appreciate it.

Guillaume
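The request shape described in the message above can be screened for before it reaches the directory. The following is an added example, not part of the original post or of any Sun code: it reads the declared base DN length from the BER header of an LDAP SearchRequest and flags oversized values. The 1024-byte limit and all function names are assumptions, and the sample messages are constructed.

```python
MAX_BASE_DN = 1024  # assumed policy limit, not a value from the post

def read_tlv(buf, off):
    """Decode one BER header at off; return (tag, value_offset, declared_length)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form
        return tag, off, first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or off + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, off + n, int.from_bytes(buf[off:off + n], "big")

def base_dn_length(msg):
    """Declared baseObject length of a SearchRequest, or None for other operations."""
    tag, off, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, off, length = read_tlv(msg, off)
    if tag != 0x02:
        raise ValueError("messageID missing")
    tag, off, _ = read_tlv(msg, off + length)
    if tag != 0x63:                       # [APPLICATION 3] SearchRequest
        return None
    tag, off, length = read_tlv(msg, off)
    if tag != 0x04:
        raise ValueError("baseObject missing")
    return length

def verdict(msg, limit=MAX_BASE_DN):
    """Classify using the declared length, so the first TCP segment is enough."""
    try:
        n = base_dn_length(msg)
    except ValueError:
        return "malformed"
    if n is None:
        return "not-search"
    return "oversized-base-dn" if n > limit else "ok"

def tlv(tag, value):                      # minimal BER encoder for the constructed samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def search_request(base_dn):              # constructed sample: subtree search, filter (foo=*)
    ops = tlv(0x04, base_dn) + b"\x0a\x01\x02\x0a\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x87\x03foo\x30\x00"
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x63, ops))
```

Because the verdict relies on the declared length rather than the full value, it can be reached from the first bytes of a request that spans several TCP segments.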