[Date Prev][Date Next] [Chronological] [Thread] [Top]

2.4.44 reproducible segfault via ldap search operation



Hi,

some hours ago I found a way to instantly kill our (production -sigh-
) slapd processed with a simple unauthenticated ldap search operation.
We are running 2.4.40 (from debian wheezy-backports) in production but
I was able to reproduce exactly the same behaviour with 2.4.44 (taken
from debian jessie-backports). While I'm building a minimal testcase
without internal information so I can provide it to the project (are
there more bug submission guidelines than
http://www.openldap.org/faq/data/cache/59.html ?), I wanted to ask how
you want me to handle this in my eyes quite serious incident. Should I
just post it to the mailing list or do you prefer a non-public
transmission first so the bug does not get exploited in a denial of
service use case before you had the chance to come up with a fix? I
will also try to verify if the problem is still existing in the
current git master or self compiled 2.4.44.

Best regards,
Karsten