Yes, this patch fixes the problem I was seeing. Sorry for the delay. I know it has been a few months. I just recently had a chance to try the proposed patch you sent, and then I had to induce the crash to see if it fixed the problem during the cleanup routine. Thank you for the response!

On Sun, Sep 21, 2014 at 10:39 PM, Mukund Sivaraman via RT <bind9-bugs@isc.org> wrote:

> Hi Troy
>
> On Sat, Sep 20, 2014 at 05:22:32AM +0000, Troy Noble via RT wrote:
> > I wanted to report a bug we found in sdbldap.c recently. I know sdb is a
> > contrib module so I am not sure if it is officially supported by the
> > bind-bugs maintainers the original author.
> >
> > In short, several bugs could potentially be fixed by correcting a few
> > "ism's" related to potentially unsafe use of "free" in
> > contrib/sdb/ldap/ldapdb.c by adding appropriate if ( ... != NULL) checks
> > before things like free(conndata->index) at line 136... which is the
> > location that caused our particular crash, and free(threaddata->index) at
> > line 133, etc.
>
> Thank you for the bug report. Please can you try the attached patch and
> report if it fixes the crash?
>
> Mukund
>
>
> From 7298559361264a03b14e71af7ad3583de558f4f5 Mon Sep 17 00:00:00 2001 > From: Mukund Sivaraman > Date: Mon, 22 Sep 2014 09:24:39 +0530 > Subject: [PATCH] Don't free alias to ldapdb data (that is cleaned up during > destroy) > > --- > contrib/sdb/ldap/ldapdb.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/contrib/sdb/ldap/ldapdb.c b/contrib/sdb/ldap/ldapdb.c > index caade37..c43342c 100644 > --- a/contrib/sdb/ldap/ldapdb.c > +++ b/contrib/sdb/ldap/ldapdb.c
> @@ -133,7 +133,6 @@ ldapdb_getconn(struct ldapdb_data *data) > free(threaddata->index); > while (threaddata->data != NULL) { > conndata = threaddata->data; > - free(conndata->index); > if (conndata->data != NULL) > ldap_unbind((LDAP > *)conndata->data); > threaddata->data = conndata->next; > -- > 1.9.3 > > >
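
Review bot: The removal of free(conndata->index) inside the while loop leaves nothing at that spot explaining why the index is not freed, while the kept context line free(threaddata->index) just above the loop still frees a field of the same name. The commit message says conndata->index is an alias to ldapdb data that is cleaned up during destroy; a one-line comment in the loop stating that ownership would keep someone from re-adding the free later as an apparent leak fix. The original report also named free(threaddata->index) at line 133, so the commit message should say whether threaddata->index is owned by this path or is another alias, because freeing an aliased pointer here and again during destroy would be a double free.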