
(ITS#7588) SSSVLV can cause segmentation fault



Full_Name: kevin 
Version: 2.4.35
OS: ubuntu
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (202.64.130.126)


The problem is due to double-freed pointers in the send_page() and free_sort_op()
functions.

In the send_page function, some nodes of so_tree have been freed by the ch_free and
ber_memfree functions. If a client suddenly aborts the connection, the free_sort_op
function will be called. In the free_sort_op function, tavl_free() will be called
and it tries to free the nodes of so_tree. However, some of the nodes had already been
freed before and a segmentation fault resulted.

A possible solution is to check whether it is a paged request in the free_sort_op
function. If yes, continue to free the next node of so_tree but do not free the
previous node.
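
The ownership problem in the report above, as an added C example that is neither OpenLDAP code nor the fix the submitter proposes: the paging step unlinks each node from its container before freeing it, so a later teardown can only reach memory the container still owns. A singly linked list stands in for so_tree, and all names here (`struct sort_op`, `send_page_safe`, `free_op_safe`) are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical stand-ins: a linked list models the sorted result set
 * (so_tree in the report); none of these names are OpenLDAP's. */
struct node { int key; struct node *next; };
struct sort_op { struct node *head; int freed; };

static struct sort_op *op_new(int n) {
    struct sort_op *op = calloc(1, sizeof *op);
    if (!op) return NULL;
    for (int i = n; i > 0; i--) {
        struct node *nd = malloc(sizeof *nd);
        if (!nd) break;
        nd->key = i; nd->next = op->head; op->head = nd;
    }
    return op;
}

/* Send up to page_size entries. Each node is unlinked from the container
 * BEFORE it is freed, so no freed pointer stays reachable for teardown.
 * The pattern in the report frees the node but leaves it in the tree. */
static int send_page_safe(struct sort_op *op, int page_size) {
    int sent = 0;
    while (op->head && sent < page_size) {
        struct node *nd = op->head;
        op->head = nd->next;   /* unlink first */
        free(nd);              /* then release */
        op->freed++; sent++;
    }
    return sent;
}

/* Teardown on client abort: frees only what the container still owns
 * and returns the total number of nodes released over its lifetime. */
static int free_op_safe(struct sort_op *op) {
    int total;
    while (op->head) {
        struct node *nd = op->head;
        op->head = nd->next;
        free(nd);
        op->freed++;
    }
    total = op->freed;
    free(op);
    return total;
}

/* Constructed scenario: 10 results, one page of 4 sent, then abort. */
static int abort_after_first_page(void) {
    struct sort_op *op = op_new(10);
    if (!op) return -1;
    if (send_page_safe(op, 4) != 4) return -1;
    return free_op_safe(op);   /* each node is freed exactly once */
}
```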