[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6226) Double free() with translucent+rwm

Full_Name: Test Seven
Version: 2.4.17
OS: Linux/Windows
Submission from: (NULL) (

Have sample setup with bdb database, add the following to the bottom of
overlay translucent
overlay rwm
uri "ldap://";
# (the server must not exist)

Run any search query against the server (with correct credentials).

Slapd tries to contact the remote server, then it properly returns an error (32,
or 52...) to the client, but then it aborts.

a) Change .conf:
uri "ldap://something.that.resolves.but.doesnt.respond";
b) Add to the bottom of .conf:
idassert-bind binddn="cn=doesnt,ou=matter" credentials=secret

The variations return different errors to the client, and may crash elsewhere.

Problem in the code (for Variation a):
ldap_back_dobind_int() calls send_ldap_result(op,rs), which eventually free-s
((*op).o_request).oq_search.rs_filterstr.bv_val; the same string is later free-d
after return to translucent_search() after being retrieved from local variable