[python-ldap] segfault/Abort for operations with unbound connection

Michael Ströder michael at stroeder.com
Tue Jan 26 10:01:03 EST 2016


Petr Viktorin wrote:
> On 01/26/2016 12:06 PM, Michael Ströder wrote:
>> Petr Viktorin wrote:
>>> On 12/02/2015 04:29 PM, Space One wrote:
>>>> how can I check if a connection is still valid? Is there some
>>>> no-operation which is really fast?
>>>> I tried to just use whoami_s() but this segfaults always:
>>
>> Thanks for the patch. Fix for Modules/LDAPObject.c will be released in 2.4.26.
>>
>> I also wonder whether ldap.ldapobject.LDAPObject.unbind_ext() should simply
>> remove class attribute LDAPObject._l and a check be added to method
>> LDAPObject._ldap_call(). That would be an approach which protects any C method
>> implementation from being called for invalid LDAP connection.
> 
> Right, that would make it safer.

Done.

http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Lib/ldap/ldapobject.py?r1=1.151&r2=1.152

I did not add raising a specific exception in LDAPObject._ldap_call() yet.
It will currently just raise AttributeError like this:

Traceback (most recent call last):
  File "/home/michael/tmp/test.py", line 6, in <module>
    l.whoami_s()
  File
"/home/michael/Proj/python-ldap/python-ldap/build/lib.linux-x86_64-2.7/ldap/ldapobject.py",
line 643, in whoami_s
    return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls)
  File
"/home/michael/Proj/python-ldap/python-ldap/build/lib.linux-x86_64-2.7/ldap/ldapobject.py",
line 136, in __getattr__
    self.__class__.__name__,repr(name)
AttributeError: SimpleLDAPObject has no attribute '_l'

Let me know what you think. There might also be some corner-case within
ReconnectLDAPObject which I did not investigate yet.

> To address the original question, perhaps LDAPObject should grow a
> utility method/attribute for checking if the _l is still there?

I'd prefer people to write correct application code. ;-)

Seriously: Such a utility method/attribute might lead people to believe it's
something which has to be checked regularly. IMHO it's not. The calling code has
to be fixed.

But of course python-ldap must *never* seg fault if the calling code is wrong.
So thanks again for pointing this out.

Ciao, Michael.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20160126/8d044f3b/attachment-0001.bin>


More information about the python-ldap mailing list