[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8046) query caused slapd to stop

Howard Chu wrote:
> Ryan Tandy wrote:
>> Hi again,
>> 9d9913392a0346e23f07e65d7d0964c84e2c1277 is the first bad commit
>> commit 9d9913392a0346e23f07e65d7d0964c84e2c1277
>> Author: Howard Chu <hyc@openldap.org>
>> Date:   Thu Sep 18 02:06:38 2014 +0100
>>      ITS#7942 plug leak in controls
>> Reverting 8bdd54c and 9d99133 fixes the crash.
>> I suppose it should probably get a CVE, and so on...
> git history shows vrFilter_free has been broken ever since Kurt wrote it in
> 2002. Which pretty much means it was never getting called until #7942 plugged
> that memory leak.
For future reference, this was registered as CVE-2015-1546

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/