Due to the nature of this bug (referencing previously freed memory leading to undefined behavior), a reliable testing procedure is difficult to create. This bug was originally found by looking for a cause of syncrepl failures. The reproducibility of these failures was about 50%, enough to make syncrepl unusable, but syncrepl would persistently fail or persistently work correctly, sometimes for long stretches of testing iterations. While trying to set up a test environment using virtual machines, I was unable to reproduce the syncrepl failures at all.

Because of that, in my original bug report to the OpenLDAP project, I did not describe steps to reproduce the problem, but instead provided a debugging patch that reliably demonstrated the use-after-free issue. This patch replaced the offending free with an assignment of a special value to the variable that was to be freed. The value of that variable was then examined in places where it was accessed. However, while this approach demonstrates the bug well, it requires a rebuild of the code, and cannot be used to test the fixed package.

I would like to add that I went the "debug-it-yourself" route precisely because the symptoms were too unpredictable and too "mysterious" to hope for the usual bug report to succeed (by "usual bug report" I mean complaining about symptoms, listing steps to reproduce, etc.).

To sum up, I can list steps I took during my testing, but these will be of limited use when reproducibility is concerned. I can also provide the debug patch with explanations. Please advise on what would be the best course of action.

https://bugs.launchpad.net/bugs/1557248

Title:
OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Status in openldap package in Ubuntu: Fix Committed
Status in openldap source package in Wily: In Progress
Status in openldap source package in Xenial: In Progress
Status in openldap source package in Yakkety: Fix Committed
Status in openldap package in Debian: New

Bug description:
May I ask that you backport an upstream patch that resolves the issue of use-after-free in libldap that interferes with syncrepl, causing failures and segfaults.

OpenLDAP commit: 283f3ae1713df449cc170965b311b19157f7b7ea
Link: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=283f3ae1713df449cc170965b311b19157f7b7ea
Modifications to file: libraries/libldap/tls_g.c

This problem affects openldap 2.4.41 (in Ubuntu wily), 2.4.42 (in Ubuntu xenial), as well as in 2.4.44 (current upstream stable version).

More details are available on OpenLDAP project bug tracker at:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8385

Thank you
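
The debugging approach described in the comment above (replace the suspect free with an assignment of a special value, then check for that value wherever the variable is read), shown as an added C sketch. It is not the reporter's debug patch and not OpenLDAP code; `tls_ctx`, `cred`, `CRED_POISON`, the function names and the site labels are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a context that owns a heap buffer. */
struct tls_ctx { char *cred; };

/* Special value stored instead of freeing; never a valid heap address. */
static char poison_marker;
#define CRED_POISON (&poison_marker)
static int uaf_hits; /* accesses seen after the release point */

struct tls_ctx *ctx_new(const char *cred) {
    size_t n = strlen(cred) + 1;
    struct tls_ctx *ctx = malloc(sizeof *ctx);
    if (ctx == NULL || (ctx->cred = malloc(n)) == NULL) { free(ctx); return NULL; }
    memcpy(ctx->cred, cred, n);
    return ctx;
}

/* Debug build of the release path: the suspect free(ctx->cred) is replaced by
 * an assignment, so the buffer is deliberately leaked and later reads stay defined. */
void ctx_release_cred(struct tls_ctx *ctx) {
    ctx->cred = CRED_POISON;
}

/* Instrumented access site: report a read that follows the release. */
const char *ctx_get_cred(struct tls_ctx *ctx, const char *site) {
    if (ctx->cred == CRED_POISON) {
        uaf_hits++;
        fprintf(stderr, "stale access to cred at %s\n", site);
        return NULL;
    }
    return ctx->cred;
}

/* Returns 1 when the read before release works and the read after is caught. */
int demo(void) {
    struct tls_ctx *ctx = ctx_new("constructed-sample");
    int ok;
    if (ctx == NULL) return 0;
    uaf_hits = 0;
    ok = ctx_get_cred(ctx, "handshake") != NULL;
    ctx_release_cred(ctx);
    ok = ok && ctx_get_cred(ctx, "session reuse") == NULL && uaf_hits == 1;
    free(ctx);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```

Because the check is deterministic, it fires on every stale read regardless of allocator state, which is what makes it usable where the symptom itself appears only intermittently.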