#47528 389-ds-base built with mozldap can crash from invalid free
Closed: wontfix None Opened 10 years ago by mreynolds.

#0 0x000000378e0328a5 in raise () from /lib64/libc.so.6
#1 0x000000378e034085 in abort () from /lib64/libc.so.6
#2 0x000000378e0707b7 in __libc_message () from /lib64/libc.so.6
#3 0x000000378e0760e6 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ff7b21248ae in slapi_ch_free (ptr=0x7ff778004db8) at ../ds/ldap/servers/slapd/ch_malloc.c:363
#5 0x00007ff7b2144fc3 in slapi_filter_free (f=0x7ff778004d90, recurse=1) at ../ds/ldap/servers/slapd/filter.c:782
#6 0x00007ff7b2145050 in slapi_filter_free (f=0x7ff77800d6a0, recurse=1) at ../ds/ldap/servers/slapd/filter.c:800
#7 0x000000000043096e in do_search (pb=0x7ff79bffea90) at ../ds/ldap/servers/slapd/search.c:425
#8 0x000000000041578e in connection_dispatch_operation (conn=0x7ff7a8801410, op=0x7ff77800e480, pb=0x7ff79bffea90) at ../ds/ldap/servers/slapd/connection.c:682
#9 0x00000000004172fd in connection_threadmain () at ../ds/ldap/servers/slapd/connection.c:2508
#10 0x000000379d829a73 in ?? () from /lib64/libnspr4.so
#11 0x000000378e407851 in start_thread () from /lib64/libpthread.so.0
#12 0x000000378e0e890d in clone () from /lib64/libc.so.6

The issue is that the slapi_escape_filter_value() returned string gets freed by the caller. When using mozldap, this function can return the original filter pointer, which can lead to a double free (see above stack).
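The ownership hazard described above, as an added example that is not 389-ds-base code and not the committed fix: an escape routine that sometimes hands back its input pointer, next to one whose result is always a separate heap block. All function names and sample values are hypothetical, and the escaping is a minimal RFC 4515 style stand-in.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SPECIAL "*()\\"   /* characters this sketch escapes as \xx */

/* Always allocates a new buffer holding the escaped value. */
static char *escape_copy(const char *v) {
    char *out = malloc(3 * strlen(v) + 1), *p = out;
    if (!out) return NULL;
    for (; *v; v++) {
        if (strchr(SPECIAL, *v)) p += sprintf(p, "\\%02x", (unsigned char)*v);
        else *p++ = *v;
    }
    *p = '\0';
    return out;
}

/* Hazardous contract: returns the caller's own pointer when nothing
 * needs escaping, so "free the result" also frees the input. */
char *escape_may_alias(char *v) {
    return strpbrk(v, SPECIAL) ? escape_copy(v) : v;
}

/* Safe contract: the result is always a distinct block the caller owns. */
char *escape_always_owned(const char *v) {
    return escape_copy(v);
}

/* Caller-side guard for the hazardous contract: free the result only when
 * it is not the input. Returns 1 if the result aliased the input. */
int release_escaped(char *escaped, const char *input) {
    if (escaped == input) return 1;   /* input's owner frees it later */
    free(escaped);
    return 0;
}

int main(void) {
    char plain[] = "jdoe";    /* constructed sample values */
    char star[] = "j*doe";
    char *a = escape_may_alias(plain);
    char *b = escape_always_owned(star);
    printf("aliased=%d escaped=%s\n", release_escaped(a, plain), b);
    free(b);
    return 0;
}
```

With the aliasing variant, an unconditional free of the result followed by the owner's later free of the original value is the double free that glibc aborts on in the stack above.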

git merge ticket47528
Updating 058d01d..da59cff
Fast-forward
ldap/servers/slapd/util.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)

git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 889 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
058d01d..da59cff master -> master

commit da59cff
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Sep 26 14:42:20 2013 -0400

git cherry-pick -x master
Finished one cherry-pick.
[389-ds-base-1.3.1 f7156e0] Ticket 47528 - 389-ds-base built with mozldap can crash from invalid free
1 files changed, 7 insertions(+), 1 deletions(-)

git push origin 389-ds-base-1.3.1
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 937 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
e5405e6..f7156e0 389-ds-base-1.3.1 -> 389-ds-base-1.3.1

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.1.10

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/865

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
