panic: Multiple panics in GetLDAPError

`GetLDAPError` has been observed to panic when calling `SimpleBind` against certain targets.

```

panic: interface conversion: interface {} is nil, not string

[github.com/go-ldap/ldap/v3.GetLDAPError(0xc009b6ccb0)](http://github.com/go-ldap/ldap/v3.GetLDAPError(0xc009b6ccb0))
    /home/runner/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.5/error.go:216 +0x368
[github.com/go-ldap/ldap/v3.(*Conn).SimpleBind](http://github.com/go-ldap/ldap/v3.(*Conn).SimpleBind)(0xc013ed47e0, 0xc004d16300?)
    /home/runner/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.5/bind.go:90 +0x2b4
[github.com/go-ldap/ldap/v3.(*Conn).UnauthenticatedBind(...)](http://github.com/go-ldap/ldap/v3.(*Conn).UnauthenticatedBind(...))
    /home/runner/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.5/bind.go:121
```

While I cannot provide the original packets that triggered this initially I have been able to reproduce this panic and one other using a modified version of the existing `TestGetLDAPError` test for `GetLDAPError`.

___

Reproducer for `interface conversion: interface {} is nil, not string`  at `error.go:216`

```go
package main

import (
	"fmt"

	ber "github.com/go-asn1-ber/asn1-ber"
	ldap "github.com/go-ldap/ldap/v3"
)

func main() {
	bindResponse := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ldap.ApplicationBindResponse, nil, "Bind Response")
	bindResponse.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, int64(ldap.LDAPResultInvalidCredentials), "resultCode"))
	bindResponse.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "dc=example,dc=org", "matchedDN"))

	// Original message included the line below
	// bindResponse.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, diagnosticMessage, "diagnosticMessage"))
	bindResponse.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, nil, "diagnosticMessage"))

	packet := ber.NewSequence("LDAPMessage")
	packet.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, int64(0), "messageID"))
	packet.AppendChild(bindResponse)

	fmt.Printf("packet: %+v\n", packet)
	_ = ldap.GetLDAPError(packet)
}
```

Results

```shell
go run main.go
packet: &{Identifier:{ClassType:0 TagType:32 Tag:16} Value:<nil> ByteValue:[] Data:adc=example,dc=org Children:[0x140000ee2a0 0x140000ee070] Description:LDAPMessage}
panic: interface conversion: interface {} is nil, not string

goroutine 1 [running]:
github.com/go-ldap/ldap/v3.GetLDAPError(0x140000ee230)
        /Users/tom.sellers/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.5/error.go:216 +0x380
main.main()
        /Users/tom.sellers/Downloads/ldap-testing/main.go:24 +0x19c
exit status 2
```

Related code

https://github.com/go-ldap/ldap/blob/36463555bb76591f89b1869161b6ef228e947d19/error.go#L213-L217
___

Reproducer for `interface conversion: interface {} is string, not int64`  at `error.go:209`

```go
package main

import (
	ber "github.com/go-asn1-ber/asn1-ber"
	ldap "github.com/go-ldap/ldap/v3"
)

func main() {
	diagnosticMessage := "Detailed error message"
	bindResponse := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ldap.ApplicationBindResponse, nil, "Bind Response")

	bindResponse.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "dc=example,dc=org", "matchedDN"))
	bindResponse.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, diagnosticMessage, "diagnosticMessage"))

	// The following was originally the first call to bindResponse.AppendChild()
	bindResponse.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, int64(ldap.LDAPResultInvalidCredentials), "resultCode"))

	packet := ber.NewSequence("LDAPMessage")
	packet.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, int64(0), "messageID"))
	packet.AppendChild(bindResponse)
	_ = ldap.GetLDAPError(packet)
}
```

Results
```shell
go run main.go
panic: interface conversion: interface {} is string, not int64

goroutine 1 [running]:
github.com/go-ldap/ldap/v3.GetLDAPError(0x1400011c230)
        /Users/tom.sellers/go/pkg/mod/github.com/go-ldap/ldap/v3@v3.4.5/error.go:209 +0x3a0
main.main()
        /Users/tom.sellers/Downloads/ldap-testing/main.go:21 +0x158
exit status 2
```

Related code

https://github.com/go-ldap/ldap/blob/36463555bb76591f89b1869161b6ef228e947d19/error.go#L208-L209

	return &Error{
	ResultCode: resultCode,
	MatchedDN: response.Children[1].Value.(string),
	Err: fmt.Errorf("%s", response.Children[2].Value.(string)),
	Packet: packet,

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

panic: Multiple panics in GetLDAPError #453

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	if response.ClassType == ber.ClassApplication && response.TagType == ber.TypeConstructed && len(response.Children) >= 3 {
	resultCode := uint16(response.Children[0].Value.(int64))

panic: Multiple panics in GetLDAPError #453

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions