[python-ldap] segfault/Abort for operations with unbound connection

Tue Jan 26 10:21:05 EST 2016

Space One wrote:
> AttributeError is IMHO not good, please better raise ldap.SERVER_DOWN so
> that one can handle it.

I consider ldap.SERVER_DOWN to be inappropriate in this case because it
indicates an error the application can recover from by proper reconnect.

But in case the application calls some LDAPObject method *after* unbinding then
the application's code has to be fixed. This is a different case!

Ciao, Michael.

> Am 26.01.2016 um 16:01 schrieb Michael Ströder:
>> Petr Viktorin wrote:
>>> On 01/26/2016 12:06 PM, Michael Ströder wrote:
>>>> Petr Viktorin wrote:
>>>>> On 12/02/2015 04:29 PM, Space One wrote:
>>>>>> how can I check if a connection is still valid? Is there some
>>>>>> no-operation which is really fast?
>>>>>> I tried to just use whoami_s() but this segfaults always:
>>>> Thanks for the patch. Fix for Modules/LDAPObject.c will be released in 2.4.26.
>>>>
>>>> I also wonder whether ldap.ldapobject.LDAPObject.unbind_ext() should simply
>>>> remove class attribute LDAPObject._l and a check be added to method
>>>> LDAPObject._ldap_call(). That would be an approach which protects any C method
>>>> implementation from being called for invalid LDAP connection.
>>> Right, that would make it safer.
>> Done.
>>
>> http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Lib/ldap/ldapobject.py?r1=1.151&r2=1.152
>>
>> I did not add raising a specific exception in LDAPObject._ldap_call() yet.
>> It will currently just raise AttributeError like this:
>>
>> Traceback (most recent call last):
>>   File "/home/michael/tmp/test.py", line 6, in <module>
>>     l.whoami_s()
>>   File
>> "/home/michael/Proj/python-ldap/python-ldap/build/lib.linux-x86_64-2.7/ldap/ldapobject.py",
>> line 643, in whoami_s
>>     return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls)
>>   File
>> "/home/michael/Proj/python-ldap/python-ldap/build/lib.linux-x86_64-2.7/ldap/ldapobject.py",
>> line 136, in __getattr__
>>     self.__class__.__name__,repr(name)
>> AttributeError: SimpleLDAPObject has no attribute '_l'
>>
>> Let me know what you think. There might also be some corner-case within
>> ReconnectLDAPObject which I did not investigate yet.
>>
>>> To address the original question, perhaps LDAPObject should grow a
>>> utility method/attribute for checking if the _l is still there?
>> I'd prefer people to write correct application code. ;-)
>>
>> Seriously: Such a utility method/attribute might lead people to believe it's
>> something which has to be checked regularly. IMHO it's not. The calling code has
>> to be fixed.
>>
>> But of course python-ldap must *never* seg fault if the calling code is wrong.
>> So thanks again for pointing this out.
>>
>> Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20160126/b45c4cfb/attachment.bin>