Closed
Description
There seems to be an issue with the ldap library when the application is dealing with startTLS connections without being configured for it.
The error is generated in https://github.com/glauth/ldap/blob/master/server.go#L208 where it seems that the connection is nil; see below:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0xd44f04]
goroutine 72 [running]:
crypto/tls.(*Conn).readClientHello(0xc000118700, {0x2095200?, 0xc0002ba000})
/usr/lib/go-1.21/src/crypto/tls/handshake_server.go:147 +0x84
crypto/tls.(*Conn).serverHandshake(0xc000118700, {0x2095200, 0xc0002ba000})
/usr/lib/go-1.21/src/crypto/tls/handshake_server.go:42 +0x3a
crypto/tls.(*Conn).handshakeContext(0xc000118700, {0x2095040, 0x2a45f80})
/usr/lib/go-1.21/src/crypto/tls/conn.go:1552 +0x3d3
crypto/tls.(*Conn).HandshakeContext(...)
/usr/lib/go-1.21/src/crypto/tls/conn.go:1492
crypto/tls.(*Conn).Handshake(...)
/usr/lib/go-1.21/src/crypto/tls/conn.go:1476
crypto/tls.(*Conn).Read(0xc000118700, {0xc00038604d, 0x1, 0xb38a89?})
/usr/lib/go-1.21/src/crypto/tls/conn.go:1356 +0x53
io.ReadAtLeast({0x7f367de37038, 0xc000118700}, {0xc00038604d, 0x1, 0x1}, 0x1)
/usr/lib/go-1.21/src/io/io.go:335 +0x90
io.ReadFull(...)
/usr/lib/go-1.21/src/io/io.go:354
github.com/go-asn1-ber/asn1-ber.readByte({0x7f367de37038, 0xc000118700})
/home/shipperizer/go/pkg/mod/github.com/go-asn1-ber/asn1-ber@v1.5.4/util.go:7 +0x53
github.com/go-asn1-ber/asn1-ber.readIdentifier({0x7f367de37038, 0xc000118700})
/home/shipperizer/go/pkg/mod/github.com/go-asn1-ber/asn1-ber@v1.5.4/identifier.go:14 +0x2f
github.com/go-asn1-ber/asn1-ber.readHeader({0x7f367de37038, 0xc000118700})
/home/shipperizer/go/pkg/mod/github.com/go-asn1-ber/asn1-ber@v1.5.4/header.go:15 +0x25
github.com/go-asn1-ber/asn1-ber.readPacket({0x7f367de37038, 0xc000118700})
/home/shipperizer/go/pkg/mod/github.com/go-asn1-ber/asn1-ber@v1.5.4/ber.go:287 +0x32
github.com/go-asn1-ber/asn1-ber.ReadPacket(...)
/home/shipperizer/go/pkg/mod/github.com/go-asn1-ber/asn1-ber@v1.5.4/ber.go:210
github.com/glauth/ldap.(*Server).handleConnection(0xc000380200, {0x2099888?, 0xc000126010?})
/home/shipperizer/go/pkg/mod/github.com/glauth/ldap@v0.0.0-20231210225823-b9bf4d1baf6e/server.go:230 +0x74
created by github.com/glauth/ldap.(*Server).Serve in goroutine 12
/home/shipperizer/go/pkg/mod/github.com/glauth/ldap@v0.0.0-20231210225823-b9bf4d1baf6e/server.go:208 +0xb3
triggered by:
shipperizer in ~/shipperizer/glauth-rock on main ● λ LDAPTLS_REQCERT=demand ldapsearch -LLL -H ldap://127.0.0.1:3893 -D cn=serviceuser,ou=svcaccts,dc=glauth,dc=com -ZZ -w mysecret -x -bdc=glauth,dc=com cn=hackers
ldap_start_tls: Connect error (-11)
additional info: The TLS connection was non-properly terminated.
config file:
#################
# glauth.conf
#################
# General configuration.
debug = true
# syslog = true
#
# This ([ldap] and [ldaps]) is the new server-config format
[ldap]
enabled = true
listen = "0.0.0.0:3893"
[ldaps]
enabled = false
listen = "0.0.0.0:3894"
cert = "certs/server.crt"
key = "certs/server.key"
#################
# The backend section controls the data store.
[backend]
datastore = "plugin"
plugin = "bin/linuxamd64/postgres.so"
pluginhandler = "NewPostgresHandler"
baseDN = "dc=glauth,dc=com"
database = "host=127.0.0.1 port=5432 dbname=glauth user=glauth password=glauth sslmode=disable"
nameformat = "cn"
groupformat = "ou"
#################
# Enable and configure the optional REST API here.
[api]
enabled = true
tls = false # enable TLS for production!!
listen = "0.0.0.0:5555"
cert = "cert.pem"
key = "key.pem"
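The trace ends inside crypto/tls's server-side handshake, so the defensive fix is to refuse a StartTLS request on a listener that has no TLS material before `tls.Server` is ever called, instead of discovering the missing configuration as a panic that takes the whole process down. The Go program below is an added example, not code from glauth or glauth/ldap. It assumes the root cause is a nil `*tls.Config` reaching `tls.Server` (consistent with the nil dereference at `readClientHello`, but not something the issue confirms); `handleStartTLS`, `runStartTLS` and `selfSignedConfig` are names chosen here, the ExtendedResponse writer is injected as a callback rather than BER-encoded, and the certificate is constructed in-process as test material.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// LDAP result codes used in the StartTLS ExtendedResponse (RFC 4511 §4.14.2).
const (
	LDAPResultSuccess       = 0
	LDAPResultProtocolError = 2 // RFC 4511: "TLS not supported or incorrect PDU structure"
)

// ErrTLSNotConfigured: StartTLS arrived on a listener with nothing to negotiate
// with, i.e. a section like the reporter's [ldap] block (no cert, no key).
var ErrTLSNotConfigured = errors.New("starttls requested but listener has no TLS config")

// handleStartTLS (hypothetical name) is the guarded server-side path. respond
// writes the ExtendedResponse carrying resultCode; a real server would call its
// BER encoder here, the example injects it so it needs no LDAP dependency.
func handleStartTLS(conn net.Conn, cfg *tls.Config, respond func(resultCode int) error) (net.Conn, error) {
	hasTLS := cfg != nil && (len(cfg.Certificates) > 0 || cfg.GetCertificate != nil || cfg.GetConfigForClient != nil)
	if !hasTLS {
		// Refuse up front: tls.Server(conn, nil) does not fail at construction,
		// it dereferences the nil config later inside Handshake and panics.
		if err := respond(LDAPResultProtocolError); err != nil {
			return conn, err
		}
		return conn, ErrTLSNotConfigured // caller decides whether to keep serving in the clear
	}
	// RFC 4511 §4.14.2: the success response goes out in the clear, then TLS starts.
	if err := respond(LDAPResultSuccess); err != nil {
		return conn, err
	}
	tlsConn := tls.Server(conn, cfg)
	if err := tlsConn.Handshake(); err != nil {
		return conn, fmt.Errorf("starttls handshake: %w", err)
	}
	return tlsConn, nil // later LDAP PDUs are read from the TLS-wrapped conn
}

// runStartTLS drives handleStartTLS over an in-memory net.Pipe. The client
// goroutine behaves like ldapsearch -ZZ: it only starts the TLS handshake after
// seeing a success ExtendedResponse.
func runStartTLS(cfg *tls.Config) (code int, err error) {
	srvSide, cliSide := net.Pipe()
	defer srvSide.Close()
	defer cliSide.Close()

	respCh := make(chan int, 1)
	respond := func(c int) error { code = c; respCh <- c; return nil }

	cliErr := make(chan error, 1)
	go func() {
		if <-respCh != LDAPResultSuccess {
			cliErr <- nil
			return
		}
		cliErr <- tls.Client(cliSide, &tls.Config{InsecureSkipVerify: true}).Handshake()
	}()

	_, err = handleStartTLS(srvSide, cfg, respond)
	if cerr := <-cliErr; err == nil && cerr != nil {
		err = fmt.Errorf("client side: %w", cerr)
	}
	return code, err
}

// selfSignedConfig builds a throwaway ECDSA certificate so the configured path
// can be exercised offline (constructed test material, not glauth's certs/).
func selfSignedConfig() (*tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "starttls-example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &tls.Config{
		Certificates:           []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		SessionTicketsDisabled: true, // no post-handshake ticket, so the synchronous pipe cannot stall
	}, nil
}

func main() {
	code, err := runStartTLS(nil) // listener like the reporter's [ldap] section
	fmt.Printf("no TLS config: resultCode=%d err=%v\n", code, err)
	cfg, err := selfSignedConfig()
	if err != nil {
		panic(err)
	}
	code, err = runStartTLS(cfg)
	fmt.Printf("TLS configured: resultCode=%d err=%v\n", code, err)
}
```

With `go run`, the first call mirrors the reporter's `[ldap]`-only listener and answers protocolError without ever touching crypto/tls, so the client sees a clean refusal rather than a dropped connection; the second call, with a certificate present, completes a real TLS handshake over the pipe. The same nil check is worth a unit test in any server that hands a config from its `[ldaps]` section to the `[ldap]` listener, since that is exactly the combination (`ldaps.enabled = false`, StartTLS on the plain port) the report exercises.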