
(ITS#4852) back-perl/str2entry odd interaction



Full_Name: Pierangelo Masarati
Version: HEAD/re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


Malformed perl can cause a double free in str2entry2().  Steps to reproduce:
from back-perl's "search" routine, generate a malformed entry that begins with
"dn : ..." and ends with "...\n\t".

Backtrace (from HEAD; similar in re23) follows:

(gdb) bt
#0  0x003957a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x003d57a5 in raise () from /lib/tls/libc.so.6
#2  0x003d7209 in abort () from /lib/tls/libc.so.6
#3  0x0040971a in __libc_message () from /lib/tls/libc.so.6
#4  0x0040ffbf in _int_free () from /lib/tls/libc.so.6
#5  0x0041033a in free () from /lib/tls/libc.so.6
#6  0x08226022 in ber_memfree_x (p=0x84e5960, ctx=0x0) at memory.c:149
#7  0x080a11fe in ch_free (ptr=0x84e5960) at ch_malloc.c:139
#8  0x0808d12a in str2entry2 (s=0x0, checkvals=1) at entry.c:374
#9  0x0808c1a0 in str2entry (s=0x84e5838 "dn") at entry.c:100
#10 0x0813c7c8 in perl_back_search (op=0x84e50f8, rs=0xb78f01c8) at search.c:78
#11 0x080846f4 in fe_op_search (op=0x84e50f8, rs=0xb78f01c8) at search.c:374
#12 0x08084078 in do_search (op=0x84e50f8, rs=0xb78f01c8) at search.c:217
#13 0x08081083 in connection_operation (ctx=0xb78f02a4, arg_v=0x84e50f8)
    at connection.c:1129
#14 0x08081550 in connection_read_thread (ctx=0xb78f02a4, argv=0x9)
    at connection.c:1257
#15 0x081f38d4 in ldap_int_thread_pool_wrapper (xpool=0x8364c08) at tpool.c:704
#16 0x00692371 in start_thread () from /lib/tls/libpthread.so.0
#17 0x00475ffe in clone () from /lib/tls/libc.so.6
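
A back-end can refuse strings of this shape before they reach str2entry(). The following is an added example, not OpenLDAP code and not the fix for this ITS: ldif_entry_precheck() and its return codes are hypothetical, and it checks only basic line shape, including the two traits named in the report (a blank before the colon and a trailing continuation line with no data).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical pre-check, not OpenLDAP code: inspect the LDIF string a
 * back-perl search routine returned before handing it to str2entry(). */
enum { LDIF_OK = 0, LDIF_EMPTY = -1, LDIF_BAD_DN_LINE = -2,
       LDIF_BAD_ATTR_LINE = -3, LDIF_DANGLING_CONTINUATION = -4 };

int ldif_entry_precheck(const char *s)
{
    if (s == NULL || *s == '\0')
        return LDIF_EMPTY;
    /* First line must be "dn:" with the colon directly after the type. */
    if (!((s[0] == 'd' || s[0] == 'D') && (s[1] == 'n' || s[1] == 'N') && s[2] == ':'))
        return LDIF_BAD_DN_LINE;

    for (const char *line = s; *line != '\0'; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        if (line[0] == ' ' || line[0] == '\t') {
            /* Continuation line: must carry data after the marker. */
            if (len < 2)
                return LDIF_DANGLING_CONTINUATION;
        } else if (len > 0 && line[0] != '#') {
            /* Attribute line: non-empty type, ':' with no blank before it. */
            const char *colon = memchr(line, ':', len);
            if (colon == NULL || colon == line ||
                colon[-1] == ' ' || colon[-1] == '\t')
                return LDIF_BAD_ATTR_LINE;
        }
        if (eol == NULL)
            break;
        line = eol + 1;
    }
    return LDIF_OK;
}

int main(void)
{
    /* Constructed sample shaped like the report: "dn : ..." ... "\n\t". */
    const char *bad = "dn : cn=test,dc=example,dc=com\ncn: test\n\t";
    const char *good = "dn: cn=test,dc=example,dc=com\ncn: test\n";
    printf("bad=%d good=%d\n", ldif_entry_precheck(bad), ldif_entry_precheck(good));
    return 0;
}
```

A non-zero result means the entry should be logged and dropped rather than parsed.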