[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8046) query caused slapd to stop

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8046) query caused slapd to stop
From: hyc@symas.com
Date: Thu, 20 Aug 2015 10:56:24 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Howard Chu wrote:
> Ryan Tandy wrote:
>> Hi again,
>>
>> 9d9913392a0346e23f07e65d7d0964c84e2c1277 is the first bad commit
>> commit 9d9913392a0346e23f07e65d7d0964c84e2c1277
>> Author: Howard Chu <hyc@openldap.org>
>> Date:   Thu Sep 18 02:06:38 2014 +0100
>>
>>      ITS#7942 plug leak in controls
>>
>> Reverting 8bdd54c and 9d99133 fixes the crash.
>>
>> I suppose it should probably get a CVE, and so on...
>>
> git history shows vrFilter_free has been broken ever since Kurt wrote it in
> 2002. Which pretty much means it was never getting called until #7942 plugged
> that memory leak.
>
For future reference, this was registered as CVE-2015-1546

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#8027) ldapsearch -E deref=member: crashes slapd
Next by Date: Re: (ITS#8218) segfault on sasl auth with malformed URI in config
Index(es):
- Chronological
- Thread