https://bugs.openldap.org/show_bug.cgi?id=9530

          Issue ID: 9530
           Summary: double-free in options.c
           Product: OpenLDAP
           Version: 2.4.58
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

I've been seeing double-free errors in valgrind when calling

ldap_set_option(lc, LDAP_OPT_DEFBASE)

I tracked it down to code in ldap_create() in open.c.
When we copy the global options to the new LDAP *, we create new versions of
some but not all malloced options. The ldo_defbase and ldo_defbinddn option
members are strings that are *not* reallocated (ldo_defbase may not be
important).

This diff appears to fix the problem:

diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 5882b6336..0828d334e 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -139,6 +139,14 @@ ldap_create( LDAP **ldp )
        ld->ld_options.ldo_defludp = NULL;
        ld->ld_options.ldo_conn_cbs = NULL;

+       /* Norm Green, April 20, 2021 - fix pointers that get copied.
+        * must realloc these to prevent double-free errors */
+       
+       ld->ld_options.ldo_defbase = gopts->ldo_defbase ?
+         LDAP_STRDUP(gopts->ldo_defbase) : NULL;
+       ld->ld_options.ldo_defbinddn = gopts->ldo_defbinddn ?
+         LDAP_STRDUP(gopts->ldo_defbinddn) : NULL;
+

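Review bot: neither LDAP_STRDUP result is checked in the two new assignments, so when gopts->ldo_defbase or gopts->ldo_defbinddn is set and the allocation fails, the new handle silently ends up with NULL in place of the global default. Compare each result against its source pointer and return an out-of-memory error from ldap_create in that case, freeing the first copy if the second one fails. On style, the author name and date in the new comment belong in the commit message rather than the source, and the "+" line after the comment carries trailing whitespace.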
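The aliasing described in the report, as an added example that is not part of the original message or of OpenLDAP's code. `struct opts`, its helper functions and the setter behaviour (free the old value, then store a copy) are hypothetical stand-ins for the library's option block; the sketch contrasts the struct copy with per-member duplication that also handles allocation failure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the option block: only the two members from the report. */
struct opts { char *defbase; char *defbinddn; };

static char *dup_string(const char *s) {              /* NULL-safe duplicate */
    char *copy = s ? malloc(strlen(s) + 1) : NULL;
    if (copy != NULL) strcpy(copy, s);
    return copy;
}
void opts_free(struct opts *o) {
    free(o->defbase); free(o->defbinddn);
    o->defbase = o->defbinddn = NULL;
}
/* Struct assignment: dst and src now point at the same heap strings. */
void opts_copy_shallow(struct opts *dst, const struct opts *src) { *dst = *src; }

/* Per-member duplication: 0 on success, -1 (dst emptied) on allocation failure. */
int opts_copy_deep(struct opts *dst, const struct opts *src) {
    dst->defbase = dup_string(src->defbase);
    dst->defbinddn = dup_string(src->defbinddn);
    if ((src->defbase && !dst->defbase) || (src->defbinddn && !dst->defbinddn)) {
        opts_free(dst);
        return -1;
    }
    return 0;
}
/* Assumed setter behaviour: free the old value, then store a private copy. */
int opts_set_defbase(struct opts *o, const char *value) {
    char *copy = dup_string(value);
    if (value != NULL && copy == NULL) return -1;
    free(o->defbase);
    o->defbase = copy;
    return 0;
}
/* 1 when both blocks hold the same allocation, i.e. freeing both is a double free. */
int opts_aliased(const struct opts *a, const struct opts *b) {
    return (a->defbase && a->defbase == b->defbase) ||
           (a->defbinddn && a->defbinddn == b->defbinddn);
}

int main(void) {
    struct opts global = {0}, shallow, deep;
    opts_set_defbase(&global, "dc=example,dc=com");   /* constructed sample value */
    opts_copy_shallow(&shallow, &global);
    if (opts_copy_deep(&deep, &global) != 0) return 1;
    printf("shallow aliased=%d deep aliased=%d\n",
           opts_aliased(&shallow, &global), opts_aliased(&deep, &global));
    opts_free(&deep); opts_free(&global);   /* shallow owns nothing: never freed */
    return 0;
}
```

With the shallow copy, calling the setter or the free routine on either block releases memory the other still references, which is the condition valgrind reports.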