bug in src/libs/zbxsysinfo/simple/simple.c
      static int check_ldap(const char *host, unsigned short port, int timeout, int *value_int)

      if cn=config is populated and slapd is running but there has yet to be a dit added to the database the following line will return null

      attr = ldap_first_attribute(ldap, msg, &ber);

      which causes the following

      valRes = ldap_get_values(ldap, msg, attr);

      to pass a null parameter to the ldap library which causes an assertion to be raised.

      the result of this assertion being raised causes the entire zabbix server to crash hard until restarted.

      This is due the fact that namingContexts isn't yet populated for the null dn.

      ldapsearch -H ldapi:/// -Y EXTERNAL -b '' -s base namingContexts

      1. extended LDIF
        #
      2. LDAPv3
      3. base <> with scope baseObject
      4. filter: (objectclass=*)
      5. requesting: namingContexts
        #

      #
      dn:

      1. search result
        search: 2
        result: 0 Success
      1. numResponses: 2
      2. numEntries: 1

      This can all be avoided by continuing the checks which are done above the impacted line

      if (NULL == (attr = ldap_first_attribute(ldap, msg, &ber))

      { zabbix_log(LOG_LEVEL_DEBUG, "LDAP - empty first entry result. [%s] [%s]", host, ldap_err2string(ldapErr)); goto lbl_ret; }

      It should be unneeded to wrap the final ldap call
      valRes = ldap_get_values(ldap, msg, attr);
      as even if this returns null the result is not used further down.

            Unassigned Unassigned
            russelljancewicz Russell Jancewicz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: