[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5525) libldap causes a core dump due to accessing freed memory
paul@mad-scientist.us wrote:
> Full_Name: Paul Smith
> Version: 2.4.7
> OS: Ubuntu 8.04
> URL:
> Submission from: (NULL) (65.78.30.67)
> If you check ldap_free_connection() you'll see that it removes the LDAPConn
> pointer "lc" from the list of connections before it is freed.
>
> BUT! The ldap_free_connection() function never does anything with the
> ld->ld_defconn pointer, so if the connection we just freed is the one pointed to
> by ld->ld_defconn, it is now pointing to freed memory. And that causes the
> problem detected above by valgrind, or causing an assert later on: accessing
> freed memory.
>
> I'm not really sure what the right thing to do here is, or I'd provide a patch.
> Should we set ld_defconn to NULL? Is that ever a valid state? Or should we
> just pick another connection from the list (and what if there isn't one?)
A fix is now in HEAD, please test. The solution sets ld_defconn to NULL, and
also closes ld->ld_sb if necessary. In that case, ldap_send_initial_request
will create a new defconn before calling ldap_send_server_request.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/