Hi Troy
On Sat, Sep 20, 2014 at 05:22:32AM +0000, Troy Noble via RT wrote:
> I wanted to report a bug we found in sdbldap.c recently. I know sdb is a
> contrib module so I am not sure if it is officially supported by the
> bind-bugs maintainers the original author.
>
> In short, several bugs could potentially be fixed by correcting a few
> "ism's" related to potentially unsafe use of "free" in
> contrib/sdb/ldap/ldapdb.c by adding appropriate if ( ... != NULL) checks
> before things like free(conndata->index) at line 136... which is the
> location that caused our particular crash, and free(threaddata->index) at
> line 133, etc.
Thank you for the bug report. Please can you try the attached patch and
report if it fixes the crash?
Mukund
From 7298559361264a03b14e71af7ad3583de558f4f5 Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman <muks@isc.org>
Date: Mon, 22 Sep 2014 09:24:39 +0530
Subject: [PATCH] Don't free alias to ldapdb data (that is cleaned up during
destroy)
---
contrib/sdb/ldap/ldapdb.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/contrib/sdb/ldap/ldapdb.c b/contrib/sdb/ldap/ldapdb.c
index caade37..c43342c 100644
--- a/contrib/sdb/ldap/ldapdb.c
+++ b/contrib/sdb/ldap/ldapdb.c
@@ -133,7 +133,6 @@ ldapdb_getconn(struct ldapdb_data *data)
free(threaddata->index);
while (threaddata->data != NULL) {
conndata = threaddata->data;
- free(conndata->index);
if (conndata->data != NULL)
ldap_unbind((LDAP *)conndata->data);
threaddata->data = conndata->next;
--
1.9.3