[Date Prev][Date Next]
Re: Crash on recursive rebind following referral (ITS#3359)
At 05:09 PM 10/8/2004, Kurt@OpenLDAP.org wrote:
>I believe your analysis is correct. I have applied a
>fix based upon your suggestion to HEAD. Please test.
I take that back, and have reverted the change. ldap_result()
is suppose to return 0 on timeout. Changing that breaks things.
>At 06:14 PM 10/5/2004, ipuleston@SonicWALL.com wrote:
>>I've located the bug. On the 2nd referral there is a timeout waiting for the
>>reply from the server (not sure why just yet), and when that happens
>>function wait4msg() incorrectly returns result code 0 to ldap_result() which
>>takes this as success and so expects there to be a reply message. wait4msg()
>>should be returning -1 on a timeout, not 0.
>>The following piece of code in wait4msg() is the culprit (it is still like
>>this in 2.2.17):
>> rc = ldap_int_select( ld, tvp );
>> if ( rc == 0 || ( rc == -1 && (
>> !LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART)
>> || errno != EINTR )))
>> ld->ld_errno = (rc == -1 ? LDAP_SERVER_DOWN :
>> return( rc );
>>That last line should be changed to:
>> return( -1 );