apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 60972] New: apr_ldap_url.c:apr_ldap_url_parse_ext() 1.6.x captures port in hostname parsing LDAP URL
Date Wed, 12 Apr 2017 01:44:08 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=60972

            Bug ID: 60972
           Summary: apr_ldap_url.c:apr_ldap_url_parse_ext() 1.6.x captures
                    port in hostname parsing LDAP URL
           Product: APR
           Version: HEAD
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: APR-util
          Assignee: bugs@apr.apache.org
          Reporter: apr20170412@was.me.uk
  Target Milestone: ---

The apr_ldap_url_parse_ext() function scans for a colon and port number in LDAP
URL but, in branch 1.6.x, does not replace the colon with a nul character,
resulting in the host:port being assigned to the (apr_ldap_url_desc_t
*)ludp->lud_host field, which cannot resolve.

That is, an LDAP URL with a manually specified port will always fail.

Interestingly this bug does not exist in branch 0.9.x which correctly replaced
the colon with a nul character separating the host from the port with the
following code:

    if ( q != NULL ) {
        *q++ = '\0';

The bug appears to have been introduced in branch 1.0.x and is in every branch
since.

This affects Apache 2.4.25.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message