[Pkg-openldap-devel] Bug#776991: slapd: crash in valueReturnFilter cleanup
Ryan Tandy
ryan at nardis.ca
Tue Feb 3 21:50:38 UTC 2015
Hi,
On Tue, Feb 03, 2015 at 10:37:24PM +0100, Luca BRUNO wrote:
> Is it something that we introduced with our patching?
No. I have reproduced it in upstream git master and 2.4 branches, as
well as in 2.4.40-3 in sid.
> Where did he get a beta release of 2.4.40?
I believe he means a git snapshot from between 2.4.39 and 2.4.40.
> Does "a build of current stable" mean 2.4.31-1+nmu2 from wheezy or some
> upstream version he built?
I believe that refers to the final 2.4.40 tarball.
> In the last paragraph, is he implying that he is unable to reproduce
> the bug with vanilla openldap?
I think so, but I'm hoping to receive some clarification once upstream
responds to the bug. Like I wrote above, I reproduced it with our
2.4.40-3 as well as with unmodified upstream git sources, while Bill
wrote that in some cases it didn't reproduce. As it's a memory-related
bug, it's possible it's not 100% reproducible, or that the allocator
plays a role (note tcmalloc in his backtrace, while I use glibc's).
Before I filed this, Bill wrote to me privately about his ITS, and I
have provided a minimal test case and git bisection result to upstream,
also privately.
We will most likely want to fix this for jessie, and probably #776988 as
well, since both result in remotely-triggered DoS.
hope that helps,
Ryan