
(ITS#6226) Double free() with translucent+rwm



Full_Name: Test Seven
Version: 2.4.17
OS: Linux/Windows
URL: 
Submission from: (NULL) (195.113.184.10)


Have sample setup with bdb database, add the following to the bottom of
slapd.conf:
overlay translucent
overlay rwm
uri "ldap://127.6.6.6/";
# (the server 127.6.6.6 must not exist)

Run any search query against the server (with correct credentials).

Slapd tries to contact the remote server, then it properly returns an error (32,
or 52...) to the client, but then it aborts.

Variations:
a) Change .conf:
uri "ldap://something.that.resolves.but.doesnt.respond";
b) Add to the bottom of .conf:
idassert-bind binddn="cn=doesnt,ou=matter" credentials=secret

The variations return different errors to the client, and may crash elsewhere.

Problem in the code (for Variation a):
ldap_back_dobind_int() calls send_ldap_result(op,rs), which eventually free-s
((*op).o_request).oq_search.rs_filterstr.bv_val; the same string is later free-d
after return to translucent_search() after being retrieved from local variable
"fbv".
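
The aliasing pattern described in the report, as an added example that is not part of the original submission and is not OpenLDAP code. The types, send_result(), run_search() and tracked_free() are simplified, hypothetical stand-ins; the "single owner" branch is one possible ownership discipline, not the project's fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the slapd types named in the report (assumed shapes). */
struct berval { size_t bv_len; char *bv_val; };
struct op { struct berval filterstr; };

/* Counts frees of one watched buffer and releases it only once,
 * so the demo itself never corrupts the heap. */
static void *watched;
static int frees_of_watched;
static void tracked_free(void *p) {
    if (p == NULL) return;
    if (p == watched && ++frees_of_watched > 1) return;
    free(p);
}

/* Models the error path: sending the result releases the filter string. */
static void send_result(struct op *op, int clear) {
    tracked_free(op->filterstr.bv_val);
    if (clear) { op->filterstr.bv_val = NULL; op->filterstr.bv_len = 0; }
}

/* buggy=1: caller frees through its saved copy "fbv" (stale alias).
 * buggy=0: callee clears the field; caller frees only what op still owns. */
static int run_search(int buggy) {
    const char *f = "(objectClass=*)";          /* constructed sample filter */
    struct op op;
    op.filterstr.bv_len = strlen(f);
    op.filterstr.bv_val = malloc(op.filterstr.bv_len + 1);
    if (op.filterstr.bv_val == NULL) return -1;
    memcpy(op.filterstr.bv_val, f, op.filterstr.bv_len + 1);
    watched = op.filterstr.bv_val;
    frees_of_watched = 0;

    struct berval fbv = op.filterstr;           /* local copy aliases the buffer */
    send_result(&op, !buggy);                   /* remote bind failed, error sent */
    if (buggy) tracked_free(fbv.bv_val);        /* second free of the same buffer */
    else       tracked_free(op.filterstr.bv_val); /* NULL here: no-op */
    return frees_of_watched;                    /* free attempts on the buffer */
}

int main(void) {
    printf("stale-copy path:   %d free attempts\n", run_search(1));
    printf("single-owner path: %d free attempts\n", run_search(0));
    return 0;
}
```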