go-ldap / ldap

Basic LDAP v3 functionality for the GO programming language.

Fix deadlocks caused by invalid connection state #432

Closed cholland1989 closed 1 year ago

cholland1989 commented 1 year ago

We are using this library as part of a network probe, where we attempt to make an unauthenticated bind and gather some basic information about a host that appears to be listening on the standard LDAP ports. We found that in some rare cases, the connection may be killed out-of-band or black holed by an intermediary firewall.

In these cases, we identified a couple of deadlocks in the v3.Conn.Close and v3.messageContext.sendResponse methods:

```
goroutine 2045 [chan receive, 2586 minutes]:
github.com/go-ldap/ldap/v3.(*Conn).Close(0xc00d6c4d00)
    /home/runner/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.4/conn.go:270 +0xff
goroutine 11123636 [select, 2589 minutes]:
github.com/go-ldap/ldap/v3.(*messageContext).sendResponse(...)
    /home/runner/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.4/conn.go:64
```

This PR fixes these deadlock conditions by applying the configured timeout in both cases.
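
The pattern behind the fix described above, as an added example that is not go-ldap's code or this PR's diff: a channel send and a close-confirmation wait that each give up after a timeout instead of blocking forever when the peer goroutine is stuck. The names `sendBounded`, `waitConfirm`, `ErrTimeout` and `ErrReceiverDone` are hypothetical, and treating a timeout of 0 as "no timeout configured" is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical sentinel errors for this example.
var ErrTimeout = errors.New("timed out waiting on channel")
var ErrReceiverDone = errors.New("receiver finished")

// sendBounded delivers v to ch unless done is closed or timeout elapses first.
// Assumption: timeout == 0 means "no timeout configured" (wait on ch and done only).
func sendBounded(ch chan<- int, done <-chan struct{}, v int, timeout time.Duration) error {
	var expired <-chan time.Time // nil channel is never ready, so the case is inert
	if timeout > 0 {
		t := time.NewTimer(timeout)
		defer t.Stop() // release the timer when another case wins
		expired = t.C
	}
	select {
	case ch <- v:
		return nil
	case <-done:
		return ErrReceiverDone
	case <-expired:
		return ErrTimeout
	}
}

// waitConfirm is the Close-side counterpart: a bounded wait for a confirmation signal.
func waitConfirm(confirm <-chan struct{}, timeout time.Duration) error {
	t := time.NewTimer(timeout)
	defer t.Stop()
	select {
	case <-confirm:
		return nil
	case <-t.C:
		return ErrTimeout
	}
}

func main() {
	// Constructed scenario: nobody reads responses and done is never closed.
	responses, done := make(chan int), make(chan struct{})
	fmt.Println(sendBounded(responses, done, 1, 50*time.Millisecond))
	fmt.Println(waitConfirm(make(chan struct{}), 50*time.Millisecond))
}
```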