
Re: (ITS#5525) libldap causes a core dump due to accessing freed memory



paul@mad-scientist.us wrote:
> Full_Name: Paul Smith
> Version: 2.4.7
> OS: Ubuntu 8.04
> URL:
> Submission from: (NULL) (65.78.30.67)

> If you check ldap_free_connection() you'll see that it removes the LDAPConn
> pointer "lc" from the list of connections before it is freed.
>
> BUT!  The ldap_free_connection() function never does anything with the
> ld->ld_defconn pointer, so if the connection we just freed is the one pointed to
> by ld->ld_defconn, it is now pointing to freed memory.  And that causes the
> problem detected above by valgrind, or causing an assert later on: accessing
> freed memory.
>
> I'm not really sure what the right thing to do here is, or I'd provide a patch.
> Should we set ld_defconn to NULL?  Is that ever a valid state?  Or should we
> just pick another connection from the list (and what if there isn't one?)

A fix is now in HEAD, please test. The solution sets ld_defconn to NULL, and 
also closes ld->ld_sb if necessary. In that case, ldap_send_initial_request 
will create a new defconn before calling ldap_send_server_request.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
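The dangling-pointer pattern Paul reports and the fix Howard describes, shown in a small self-contained model. This is an added example, not code from OpenLDAP: the toy_ structures, the fd counter, the two free routines and the scenario functions are invented stand-ins whose field names merely echo ld_conns, ld_defconn and ld_sb. The buggy routine unlinks the connection from the list and frees it without looking at ld_defconn; the fixed routine clears ld_defconn and closes the socket buffer when the freed connection was the default, so the next initial request opens a fresh default connection instead of touching freed memory.

```c
#include <stdint.h>
#include <stdlib.h>

/* Toy stand-ins for libldap's LDAP and LDAPConn (invented layout; only the
 * field names echo the originals). */
typedef struct toy_conn { struct toy_conn *lconn_next; int lconn_fd; } toy_conn;
typedef struct toy_ld {
    toy_conn *ld_conns;    /* list of open connections */
    toy_conn *ld_defconn;  /* default connection for new requests */
    int ld_sb_fd;          /* ld_sb: socket buffer bound to ld_defconn, -1 if closed */
    int next_fd;           /* hands out a fresh fd per connection */
} toy_ld;

static toy_conn *toy_conn_open(toy_ld *ld)
{
    toy_conn *lc = calloc(1, sizeof *lc);
    if (!lc) abort();
    lc->lconn_fd = ld->next_fd++;
    lc->lconn_next = ld->ld_conns;
    ld->ld_conns = lc;
    if (!ld->ld_defconn) {              /* first connection becomes the default */
        ld->ld_defconn = lc;
        ld->ld_sb_fd = lc->lconn_fd;
    }
    return lc;
}

static void toy_conn_unlink(toy_ld *ld, toy_conn *lc)
{
    toy_conn **pp = &ld->ld_conns;
    while (*pp && *pp != lc) pp = &(*pp)->lconn_next;
    if (*pp) *pp = lc->lconn_next;
}

/* The pattern reported in the ITS: unlink and free, never touch ld_defconn. */
static void toy_free_conn_buggy(toy_ld *ld, toy_conn *lc)
{
    toy_conn_unlink(ld, lc);
    free(lc);
}

/* The fix described in the reply: if the freed connection is the default,
 * clear ld_defconn and close the socket buffer bound to it. */
static void toy_free_conn_fixed(toy_ld *ld, toy_conn *lc)
{
    toy_conn_unlink(ld, lc);
    if (ld->ld_defconn == lc) {
        ld->ld_defconn = NULL;
        ld->ld_sb_fd = -1;
    }
    free(lc);
}

/* "Sends" on lc; returns the fd it went out on so callers can check it. */
static int toy_send_server_request(toy_conn *lc) { return lc->lconn_fd; }

/* Mirrors ldap_send_initial_request after the fix: with no default
 * connection, open a new one (it becomes ld_defconn) before sending. */
static int toy_send_initial_request(toy_ld *ld)
{
    if (!ld->ld_defconn) toy_conn_open(ld);
    return toy_send_server_request(ld->ld_defconn);
}

static void toy_ld_destroy(toy_ld *ld)
{
    while (ld->ld_conns) {
        toy_conn *lc = ld->ld_conns;
        ld->ld_conns = lc->lconn_next;
        free(lc);
    }
}

/* Open two connections, free the default with the buggy routine. Returns 1
 * if ld_defconn still holds the freed address. Only addresses are compared;
 * the freed block is never dereferenced, which is why valgrind stays quiet
 * here and only complains once the caller actually uses ld_defconn. */
int scenario_buggy_leaves_dangling(void)
{
    toy_ld ld = { NULL, NULL, -1, 3 };
    toy_conn *first = toy_conn_open(&ld);   /* fd 3, becomes ld_defconn */
    toy_conn_open(&ld);                      /* fd 4, a second connection */
    uintptr_t freed_addr = (uintptr_t)first;
    toy_free_conn_buggy(&ld, first);
    int dangling = (uintptr_t)ld.ld_defconn == freed_addr;
    ld.ld_defconn = NULL;                    /* stop here; no further use */
    toy_ld_destroy(&ld);
    return dangling;
}

/* Same setup with the fixed routine. Returns the fd the next request goes
 * out on (a freshly opened default), or 0 if ld_defconn/ld_sb were not reset. */
int scenario_fixed_reopens_defconn(void)
{
    toy_ld ld = { NULL, NULL, -1, 3 };
    toy_conn *first = toy_conn_open(&ld);   /* fd 3, becomes ld_defconn */
    toy_conn_open(&ld);                      /* fd 4 */
    toy_free_conn_fixed(&ld, first);
    int fd = 0;
    if (ld.ld_defconn == NULL && ld.ld_sb_fd == -1)
        fd = toy_send_initial_request(&ld);  /* opens fd 5 as new default */
    toy_ld_destroy(&ld);
    return fd;
}
```

The point the model makes is that unlinking a node from a list only repairs the list; every other pointer that aliases the node (here ld_defconn, and the socket buffer bound to it) has to be cleared in the same place, or the next user of that alias reads freed memory exactly as valgrind reported. Note that the fixed scenario opens a third connection rather than promoting the surviving non-default one, matching the reply's description of ldap_send_initial_request creating a new defconn.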