
Re: (ITS#8240) OpenLDAP ber_get_next denial of service vulnerability



I wrote:
> If someone wants to crash-debug the input to slapd,
> let him #define something when building slapd.  You could replace the
> assert() with debug_assert() or something.  The same goes for any
> other assert which doesn't mean "assert(the code is correct)".

Look at LDAP_MEMORY_DEBUG and its doc in liblber/memory.c, for example.
With the note
"* ... If LDAP_MEMORY_DEBUG & 2 is true,
  * that includes asserts known to break both slapd and current clients."
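
The distinction drawn in this message, as an added example that is not part of the original mail and is not OpenLDAP code: a generic BER length parser in which assert() guards only the code's own invariants, while malformed input returns an error unless a build-time switch asks for a crash. The names INPUT_CRASH_DEBUG, debug_assert and parse_ber_length are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical build switch (not an OpenLDAP macro): compile with
 * -DINPUT_CRASH_DEBUG to abort on malformed input for crash-debugging. */
#ifdef INPUT_CRASH_DEBUG
#define debug_assert(expr) assert(expr)
#else
#define debug_assert(expr) ((void)0)
#endif

/* Parse a BER definite-form length from untrusted bytes.
 * Returns the number of bytes consumed, or -1 if the input is malformed. */
int parse_ber_length(const unsigned char *buf, size_t avail, size_t *out)
{
    size_t n, i, v = 0;

    /* Caller contract: a failure here is a bug in our own code. */
    assert(buf != NULL && out != NULL);

    if (avail == 0) {
        debug_assert(avail != 0);      /* input condition, not a code bug */
        return -1;
    }
    if (buf[0] < 0x80) {               /* short form: length in one byte */
        *out = buf[0];
        return 1;
    }
    n = buf[0] & 0x7f;                 /* long form: n length bytes follow */
    if (n == 0 || n > sizeof(size_t) || n > avail - 1) {
        debug_assert(!"malformed or truncated BER length");
        return -1;                     /* indefinite, oversized or truncated */
    }
    for (i = 1; i <= n; i++)
        v = (v << 8) | buf[i];
    *out = v;
    return (int)(n + 1);
}

int main(void)
{
    /* Constructed sample inputs: one valid, one truncated. */
    const unsigned char ok[] = { 0x82, 0x01, 0x00 };
    const unsigned char bad[] = { 0x82, 0x01 };
    size_t len = 0;

    printf("ok:  %d\n", parse_ber_length(ok, sizeof ok, &len));
    printf("bad: %d\n", parse_ber_length(bad, sizeof bad, &len));
    return 0;
}
```

In a default build the truncated input is rejected with -1 and the process keeps running; only a build with the hypothetical switch defined turns the same input into an abort.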