Sorry, I completely forgot to mention I also had to add a check for if
(threaddata->index != NULL) before free(threaddata->index)

Warning: this is not an official diff-generate patch, but rather I
hand-edited the patch you sent, nor is it likely I followed preferred
coding style conventions for this project.

> @@ -133,7 +133,6 @@ ldapdb_getconn(struct ldapdb_data *data)
> -                       free(threaddata->index);
> +                       if (threaddata->index != NULL) {
free(threaddata->index); }
>                         while (threaddata->data != NULL) {
>                                 conndata = threaddata->data;
> -                               free(conndata->index);
>                                 if (conndata->data != NULL)
>                                         ldap_unbind((LDAP
 *)conndata->data);
>                                 threaddata->data = conndata->next;

On Tue, Mar 31, 2015 at 6:53 AM, Troy Noble via RT <bind9-review@isc.org>
wrote:

> Yes, this patch fixes the problem I was seeing.
>
> Sorry for the delay.  I know it has been a few months.
>
> I just recently had a chance to try the proposed patch you sent, and then I
> had to induce the crash to see if it fixed the problem during the cleanup
> routine.
>
> Thank you for the response!
>
> On Sun, Sep 21, 2014 at 10:39 PM, Mukund Sivaraman via RT <
> bind9-bugs@isc.org> wrote:
>
> > Hi Troy
> >
> > On Sat, Sep 20, 2014 at 05:22:32AM +0000, Troy Noble via RT wrote:
> > > I wanted to report a bug we found in sdbldap.c recently. I know sdb is
> a
> > > contrib module so I am not sure if it is officially supported by the
> > > bind-bugs maintainers the original author.
> > >
> > > In short, several bugs could potentially be fixed by correcting a few
> > > "ism's" related to potentially unsafe use of "free" in
> > > contrib/sdb/ldap/ldapdb.c by adding appropriate if ( ... != NULL)
> checks
> > > before things like free(conndata->index) at line 136... which is the
> > > location that caused our particular crash, and free(threaddata->index)
> at
> > > line 133, etc.
> >
> > Thank you for the bug report. Please can you try the attached patch and
> > report if it fixes the crash?
> >
> >                 Mukund
> >
> >
> > From 7298559361264a03b14e71af7ad3583de558f4f5 Mon Sep 17 00:00:00 2001
> > From: Mukund Sivaraman <muks@isc.org>
> > Date: Mon, 22 Sep 2014 09:24:39 +0530
> > Subject: [PATCH] Don't free alias to ldapdb data (that is cleaned up
> during
> >  destroy)
> >
> > ---
> >  contrib/sdb/ldap/ldapdb.c | 1 -
> >  1 file changed, 1 deletion(-)
> >
> > diff --git a/contrib/sdb/ldap/ldapdb.c b/contrib/sdb/ldap/ldapdb.c
> > index caade37..c43342c 100644
> > --- a/contrib/sdb/ldap/ldapdb.c
> > +++ b/contrib/sdb/ldap/ldapdb.c
> > @@ -133,7 +133,6 @@ ldapdb_getconn(struct ldapdb_data *data)
> >                         free(threaddata->index);
> >                         while (threaddata->data != NULL) {
> >                                 conndata = threaddata->data;
> > -                               free(conndata->index);
> >                                 if (conndata->data != NULL)
> >                                         ldap_unbind((LDAP
> > *)conndata->data);
> >                                 threaddata->data = conndata->next;
> > --
> > 1.9.3
> >
> >
> >
>
>