[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8385) Use After Free of struct ldap_common in slap_client_connect

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8385) Use After Free of struct ldap_common in slap_client_connect
From: hyc@symas.com
Date: Sat, 12 Mar 2016 11:04:40 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

> Thanks for the report. Inspection shows that the issue only exists in
> libldap's GnuTLS support. As always, the Project recommends you use OpenSSL.
>
> It also looks like only the ldo_tls_require_cert field is being used so we can
> probably just copy that flag instead of keeping a pointer to the ldap options
> structure.
>
Fixed now in git master.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#8385) Use After Free of struct ldap_common in slap_client_connect
Next by Date: (ITS#8386) Small LMDB Documentation patch
Index(es):
- Chronological
- Thread