Full_Name: Aitor Carrera Version: 2.4.21 OS: SLES10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (95.126.219.248) When we use a non root user to bind, with multiple threads and some concurrent proxies 1 .- In meta_back_bind_op_result method, in back-meta bind.c file the assert "assert( LDAP_BACK_CONN_BINDING( msc ) );" is evaluated to false. 2.- Next, calls meta_back_cancel (bind.c) and then ldap_abandon_ext and other assert is evaluated to false: slapd: sasl.c:74: ldap_sasl_bind: Assertion `ld != ((void *)0)' failed. That crash the slapd.
With this pacth it is solved, we added a precompiler macro to contribute the patch because we are not sure about security issues related this problem. META_BACK_REFCNT_MUST_BE_ZERO_FOR_INVALIDATING_EXPIRED_CONNECTION => It must be defined for solving this issue diff -Naur openldap-2.4.21.orig/servers/slapd/back-meta/conn.c openldap-2.4.21/servers/slapd/back-meta/conn.c --- openldap-2.4.21.orig/servers/slapd/back-meta/conn.c 2011-07-26 13:40:40.989376998 +0200 +++ openldap-2.4.21/servers/slapd/back-meta/conn.c 2011-07-26 13:51:40.537383269 +0200 @@ -1156,6 +1156,9 @@ mc = NULL; } else { +#ifdef META_BACK_REFCNT_MUST_BE_ZERO_FOR_INVALIDATING_EXPIRED_CONNECTION + if ( mc->mc_refcnt == 0) +#endif if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl ) || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) ) { Regards -------------------------------------------------------- Aitor Carrera Hernández - Edosoft Factory Telf. +34 828021575 Fax. +34 828066081 Antonio María Manrique 3, Planta 2 - Oficina 6. 35011 Las Palmas de Gran Canaria --------------------------------------------------------
> Full_Name: Aitor Carrera Please check with latest release (or master code); please upload patches according to <http://www.openldap.org/devel/contributing.html>. p.
changed state Open to Feedback
moved from Incoming to Software Bugs