slapd crashes with bogus sasl-regex

[Igor Brezac <igor@ipass.net>]

Hello,

openldap 2.1.16 crashes when sasl-regex generates invalid DNs.  Actually,
the crash occurs after the second query is performed with a valid
sasl-regex.

sasl-regexp             uid=(.*),cn=(.*),cn=(.*),cn=auth
                        associateddomain=$2,cn=$1,ou=people,o=istra
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                        Generates invalid dn

sasl-regexp             uid=(.*),cn=(.*),cn=auth
                        cn=$1,ou=people,ou=admin,o=istra


I thought this problem was fixed awhile back, but it still present.
Please let me know if you need any more info.  The backtrace is somewhat
limited because the slapd binary is compiled without debug and it is
stripped.

# mdb /usr/local/libexec/slapd core
Loading modules: [ libc.so.1 libthread.so.1 ld.so.1 ]
> $C
fb3ffa00 libc.so.1`_free_unlocked+0x40(2736e2, 0, 275f2c, fefba000, 0, 0)
fb3ffa60 libc.so.1`free+0x20(2736e2, 1aa400, 2, 273fd0, 37, 60464)
fb3ffac0 ber_memfree+0x2c(2736e2, 1, 273fd0, 37, 2749b0, 2)
fb3ffb30 ch_free+4(2736e2, 1a8800, 274974, 8001, 273f20, ff354648)
fb3ffba0 0x60d58(2736c0, 22a810, 273fd0, 37, 2740d1, 37)
fb3ffc58 libsasl2-2.1.12.so`sasl_server_step+0x1c0(0, 228c40, 0, fb3ffddc, fb3ffdd4, ff35a880)
fb3ffce0 libsasl2-2.1.12.so`sasl_server_start+0x43c(0, 275910, 228c40, 0, fb3ffddc, fb3ffdd4)
fb3ffd68 slap_sasl_bind+0x14c(22a810, 274408, fb3ffe90, fb3ffe88, fb3ffe78, fb3ffe80)
fb3ffdf0 do_bind+0x818(22a810, 274408, 2d95c, 0, 0, 0)
fb3ffeb8 0x2d984(274a60, 227fb8, 2d850, 0, 0, 0)
fb3fff30 0xaadfc(1ba320, 0, 0, 0, 0, 0)
fb3fffa0 libthread.so.1`_lwp_start(0, 0, 0, 0, 0, 0)


====> bdb_cache_return_entry_r( 42672 ): created (0)
<==slap_sasl2dn: Converted SASL name to cn=root,ou=people,ou=admin,o=istra
getdn: dn:id converted to cn=root,ou=people,ou=admin,o=pb
Bus Error (core dumped)

-- 
Igor