[Pkg-openldap-devel] Bug#776991: slapd: crash in valueReturnFilter cleanup
Luca BRUNO
lucab at debian.org
Tue Feb 3 21:37:24 UTC 2015
On Tue, 3 Feb 2015 12:38:39 -0800 Ryan Tandy <ryan at nardis.ca> wrote:
> Bill MacAllister discovered that certain queries cause slapd to crash
> while freeing operation controls. Details to follow.
I've some problems in understanding this comment from upstream bug
report:
> The system exhibiting this problem was running a beta release of
> 2.4.40. When I installed from a build of the current stable the
> problem disappeared. Apologies for the bother, I didn't realize
> the system had not been updated.
>
> I think that documenting the query would be useful anyway, but I
> want to hold off on that because I know the problem exists in the
> build that is in debian backports. I would like to give Ryan a
> chance to fix it before I publish it. I was able to reproduce the
> problem with ldapsearch and it is a trival and very effective
> denial of service attack.
Is it something that we introduced with our patching? Where did he get
a beta release of 2.4.40? Does "a build of current stable" mean
2.4.31-1+nmu2 from wheezy or some upstream version he built? In the
last paragraph, is he implying that he is unable to reproduce the bug
with vanilla openldap?
Cheers, Luca
--
.''`. | ~<[ Luca BRUNO ~ (kaeso) ]>~
: :' : | Email: lucab (AT) debian.org ~ Debian Developer
`. `'` | GPG Key ID: 0x3BFB9FB3 ~ Free Software supporter
`- | HAM-radio callsign: IZ1WGT ~ Networking sorcerer
More information about the Pkg-openldap-devel
mailing list