[email protected] wrote: > Full_Name: Jan Vcelak > Version: 2.4.25 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/jvcelak-110519-ldapexop-double-free.patch > Submission from: (NULL) (209.132.186.34) > > > Hello. > > A problem with crashing ldapexop was reported to our bugzilla. All versions > since 2.4.24 are affected. It seems that the bug was introduced by following > change in ldapexop.c. > > http://www.openldap.org/devel/cvsweb.cgi/clients/tools/ldapexop.c.diff?r1=1.19&r2=1.20 > > Easy to reproduce. With clean configuration run: > $ ldapexop -H ldap:// -x whoami > anonymous > ldapexop: ../../../libraries/liblber/io.c:186: ber_free_buf: Assertion > `((ber)->ber_opts.lbo_valid==0x2)' failed. > Aborted > > Complete steps to reproduce in Fedora are specified in the original bugreport: > https://bugzilla.redhat.com/show_bug.cgi?id=699683 > > I think it is cause by double freeing the result. I am attaching a proposed > patch. Please, review my change. > > Thank you.
Thanks for the report, patch applied to git. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
