Issue 6946 - ldapexop: ber_free_buf: Assertion failed
Summary: ldapexop: ber_free_buf: Assertion failed
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.25
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-19 16:55 UTC by jvcelak@redhat.com
Modified: 2014-08-01 21:04 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description jvcelak@redhat.com 2011-05-19 16:55:34 UTC 
Full_Name: Jan Vcelak
Version: 2.4.25
OS: Linux
URL: ftp://ftp.openldap.org/incoming/jvcelak-110519-ldapexop-double-free.patch
Submission from: (NULL) (209.132.186.34)


Hello.

A problem with crashing ldapexop was reported to our bugzilla. All versions
since 2.4.24 are affected. It seems that the bug was introduced by following
change in ldapexop.c.

http://www.openldap.org/devel/cvsweb.cgi/clients/tools/ldapexop.c.diff?r1=1.19&r2=1.20

Easy to reproduce. With clean configuration run:
$ ldapexop -H ldap:// -x whoami
anonymous
ldapexop: ../../../libraries/liblber/io.c:186: ber_free_buf: Assertion
`((ber)->ber_opts.lbo_valid==0x2)' failed.
Aborted

Complete steps to reproduce in Fedora are specified in the original bugreport:
https://bugzilla.redhat.com/show_bug.cgi?id=699683

I think it is cause by double freeing the result. I am attaching a proposed
patch. Please, review my change.

Thank you.

Jan
Comment 1 Howard Chu 2011-06-04 02:32:23 UTC 
jvcelak@redhat.com wrote:
> Full_Name: Jan Vcelak
> Version: 2.4.25
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-110519-ldapexop-double-free.patch
> Submission from: (NULL) (209.132.186.34)
>
>
> Hello.
>
> A problem with crashing ldapexop was reported to our bugzilla. All versions
> since 2.4.24 are affected. It seems that the bug was introduced by following
> change in ldapexop.c.
>
> http://www.openldap.org/devel/cvsweb.cgi/clients/tools/ldapexop.c.diff?r1=1.19&r2=1.20
>
> Easy to reproduce. With clean configuration run:
> $ ldapexop -H ldap:// -x whoami
> anonymous
> ldapexop: ../../../libraries/liblber/io.c:186: ber_free_buf: Assertion
> `((ber)->ber_opts.lbo_valid==0x2)' failed.
> Aborted
>
> Complete steps to reproduce in Fedora are specified in the original bugreport:
> https://bugzilla.redhat.com/show_bug.cgi?id=699683
>
> I think it is cause by double freeing the result. I am attaching a proposed
> patch. Please, review my change.
>
> Thank you.

Thanks for the report, patch applied to git.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
Comment 2 Howard Chu 2011-06-04 02:32:59 UTC 
changed notes
changed state Open to Test
moved from Incoming to Software Bugs
Comment 3 Quanah Gibson-Mount 2011-06-08 21:22:27 UTC 
changed notes
Comment 4 Quanah Gibson-Mount 2011-06-08 21:22:28 UTC 
changed state Test to Release
Comment 5 Quanah Gibson-Mount 2011-07-18 19:54:10 UTC 
changed notes
changed state Release to Closed
Comment 6 OpenLDAP project 2014-08-01 21:04:36 UTC 
fixed in HEAD
fixed in RE24