[Pkg-openldap-devel] [openldap] 02/02: fix double free in vrf control cleanup (#776991)

Wed Feb 4 19:18:06 UTC 2015

This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch master
in repository openldap.

commit 01f273a113cf10673dcda1e29bbb97c41b560dda
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Wed Feb 4 08:33:53 2015 -0800

    fix double free in vrf control cleanup (#776991)
---
 debian/changelog                                   |  3 +++
 .../patches/ITS8046-fix-vrFilter_free-crash.patch  | 28 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 32 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 2e4a05d..832836a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ openldap (2.4.40-4) UNRELEASED; urgency=medium
   * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream 
     patch to fix a crash when a search includes the Deref control with an 
     empty attribute list. (ITS#8027) (Closes: #776988)
+  * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream 
+    patch to fix a double free triggered by certain search queries using the 
+    Matched Values control. (ITS#8046) (Closes: #776991)
 
  -- Ryan Tandy <ryan at nardis.ca>  Wed, 04 Feb 2015 08:23:15 -0800
 
diff --git a/debian/patches/ITS8046-fix-vrFilter_free-crash.patch b/debian/patches/ITS8046-fix-vrFilter_free-crash.patch
new file mode 100644
index 0000000..7a1b67f
--- /dev/null
+++ b/debian/patches/ITS8046-fix-vrFilter_free-crash.patch
@@ -0,0 +1,28 @@
+commit 2f1a2dd329b91afe561cd06b872d09630d4edb6a
+Author: Howard Chu <hyc at openldap.org>
+Date:   Wed Feb 4 02:03:55 2015 +0000
+
+    ITS#8046 fix vrFilter_free
+
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
+index b859f73..22c81c8 100644
+--- a/servers/slapd/filter.c
++++ b/servers/slapd/filter.c
+@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber,
+ void
+ vrFilter_free( Operation *op, ValuesReturnFilter *vrf )
+ {
+-	ValuesReturnFilter	*p, *next;
++	ValuesReturnFilter	*next;
+ 
+-	if ( vrf == NULL ) {
+-		return;
+-	}
+-
+-	for ( p = vrf; p != NULL; p = next ) {
+-		next = p->vrf_next;
++	for ( ; vrf != NULL; vrf = next ) {
++		next = vrf->vrf_next;
+ 
+ 		switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {
+ 		case LDAP_FILTER_PRESENT:
diff --git a/debian/patches/series b/debian/patches/series
index f50f391..45dd92c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@ no-bdb-ABI-second-guessing
 heimdal-fix
 ITS6035-olcauthzregex-needs-restart.patch
 ITS8027-deref-reject-empty-attr-list.patch
+ITS8046-fix-vrFilter_free-crash.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git

