[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8240) OpenLDAP ber_get_next denial of service vulnerability
I wrote:
> If someone wants to crash-debug the input to slapd,
> let him #define something when building slapd. You could replace the
> assert() with debug_assert() or something. The same goes for any
> other assert which doesn't mean "assert(the code is correct)".
Look at LDAP_MEMORY_DEBUG and its doc in liblber/memory.c, for example.
With the note
"* ... If LDAP_MEMORY_DEBUG & 2 is true,
* that includes asserts known to break both slapd and current clients."