[Pkg-openldap-devel] [openldap] 01/02: Fix back_mdb double free with pagesize 0 (#863563)

Ryan Tandy rtandy-guest at moszumanska.debian.org
Sun May 28 23:29:53 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch jessie
in repository openldap.

commit f513ebec641f4731152a820deeaff314113b98ac
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Sun May 28 09:56:49 2017 -0700

    Fix back_mdb double free with pagesize 0 (#863563)
---
 debian/changelog                                   |  8 +++++++
 .../ITS-8655-paged-results-double-free.patch       | 28 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 37 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index bbbfe30..2e6ec90 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+openldap (2.4.40+dfsg-1+deb8u3) UNRELEASED; urgency=medium
+
+  * debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free 
+    in the MDB backend on a search including the Paged Results control with a 
+    page size of 0. (ITS#8655) (Closes: #863563)
+
+ -- Ryan Tandy <ryan at nardis.ca>  Sun, 28 May 2017 14:52:00 -0700
+
 openldap (2.4.40+dfsg-1+deb8u2) jessie; urgency=medium
 
   * debian/patches/ITS8003-fix-off-by-one-in-LDIF-length.patch: Import
diff --git a/debian/patches/ITS-8655-paged-results-double-free.patch b/debian/patches/ITS-8655-paged-results-double-free.patch
new file mode 100644
index 0000000..894b905
--- /dev/null
+++ b/debian/patches/ITS-8655-paged-results-double-free.patch
@@ -0,0 +1,28 @@
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan at nardis.ca>
+Date: Wed, 17 May 2017 20:07:39 -0700
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
+
+Fixes a double free when a search includes the Paged Results control
+with a page size of 0 and the search base matches the filter.
+---
+ servers/slapd/back-mdb/search.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
+index 301d1a4..43442aa 100644
+--- a/servers/slapd/back-mdb/search.c
++++ b/servers/slapd/back-mdb/search.c
+@@ -1066,7 +1066,8 @@ notfound:
+ 			/* check size limit */
+ 			if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ 				if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+-					mdb_entry_return( op, e );
++					if (e != base)
++						mdb_entry_return( op, e );
+ 					e = NULL;
+ 					send_paged_response( op, rs, &lastid, tentries );
+ 					goto done;
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index ac7d74a..9a62261 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,4 @@ ITS8046-fix-vrFilter_free-crash.patch
 ITS7975-fix-mdb-onelevel-search.patch
 ITS8240-remove-obsolete-assert.patch
 ITS8003-fix-off-by-one-in-LDIF-length.patch
+ITS-8655-paged-results-double-free.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git

More information about the Pkg-openldap-devel mailing list