
OpenLDAP 2.1.[23] dump core when scanned



Hi all.
Our server just crashed overnight when it got scanned. We have been able
to reproduce the problem using the 'socket' tool:

	echo -n <single character> | socket server port

It doesn't matter which character you send to the server (the scanner used
','), slapd dumps core at

	libraries/liblber/io.c:536

code
	...
	AC_MEMCPY(buf, ber->ber_ptr, i);
	...

as i is equal to -1. Sorry, I don't understand enough of the code to provide
a patch.

Thomas

Additional debug output from server
...
slapd startup: initiated.
slapd starting
synchronizer starting for /ldap/openldap/var/openldap-data
daemon: added 7r
daemon: added 8r
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=frago, r=0
daemon: conn=0 fd=9 connection from IP=10.0.0.1:61163 (IP=0.0.0.0:9999) accepted.
daemon: added 9r
daemon: activity on:
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=9, got=1
  0000:  41                                                 A
Segmentation Fault (core dumped)


-----------------------------------------------------------------
PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
Phone:           +49 731 50 22464
FAX:             +49 731 50 22471
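
Added example, not part of the original message and not OpenLDAP code: a BER header parser that reports a short read (such as the 1-byte probe in the log above) as "need more data", plus a copy helper that refuses a negative length instead of passing it to memcpy(). All names, status codes and size limits are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this example; none of them are liblber's. */
enum hdr_status { HDR_OK = 0, HDR_NEED_MORE = 1, HDR_BAD = -1 };

struct ber_hdr {
    enum hdr_status st;
    unsigned char tag;
    unsigned long len;     /* content length announced by the header */
    size_t hdr_len;        /* octets consumed by tag + length */
};

/* Copy n bytes only if n is non-negative and fits the destination.
 * A signed -1 handed straight to memcpy() is converted to SIZE_MAX. */
int checked_copy(void *dst, size_t dst_cap, const void *src, long n)
{
    if (n < 0 || (size_t)n > dst_cap)
        return -1;
    memcpy(dst, src, (size_t)n);
    return 0;
}

/* Parse a BER header from the bytes received so far. Single-octet tags
 * and definite lengths of at most 4 octets only (assumed limits). */
struct ber_hdr parse_ber_header(const unsigned char *in, size_t have)
{
    struct ber_hdr h = { HDR_BAD, 0, 0, 0 };
    unsigned char lenbuf[4];
    size_t nlen, k;

    if (have < 2) { h.st = HDR_NEED_MORE; return h; }  /* the 1-byte probe */
    if ((in[0] & 0x1f) == 0x1f) return h;              /* multi-octet tag */
    h.tag = in[0];
    if (!(in[1] & 0x80)) {                             /* short-form length */
        h.len = in[1]; h.hdr_len = 2; h.st = HDR_OK;
        return h;
    }
    nlen = in[1] & 0x7f;                               /* long form */
    if (nlen == 0 || nlen > sizeof lenbuf) return h;
    if (have < 2 + nlen) { h.st = HDR_NEED_MORE; return h; }
    if (checked_copy(lenbuf, sizeof lenbuf, in + 2, (long)nlen) != 0) return h;
    for (k = 0; k < nlen; k++) h.len = (h.len << 8) | lenbuf[k];
    h.hdr_len = 2 + nlen; h.st = HDR_OK;
    return h;
}
```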