Package: openldap2 Version: 2.1.30-8 Severity: important Please apply this backported (attached) patch from REL_2.2, it fixes crashes when you set timeout value twice, which can happen quite easily.
Upstream ITS: http://www.openldap.org/its/index.cgi/Software% 20Bugs?id=3487;expression=TIMEOUT;casesensitive=1;usearchives=1;statetype=-1 Reason why we need it for apache2 mod_ldap: http://issues.apache.org/bugzilla/show_bug.cgi?id=34618#c12 We will then depend our apache2 builds on library with this fix included. Thanks, -- Ondrej Sury <[EMAIL PROTECTED]>
diff -urN openldap2-2.1.30~/libraries/libldap/open.c openldap2-2.1.30/libraries/libldap/open.c
--- openldap2-2.1.30~/libraries/libldap/open.c 2003-04-29 01:41:55.000000000 +0200
+++ openldap2-2.1.30/libraries/libldap/open.c 2005-09-19 14:06:12.000000000 +0200
@@ -126,6 +126,9 @@
/* but not pointers to malloc'ed items */
ld->ld_options.ldo_sctrls = NULL;
ld->ld_options.ldo_cctrls = NULL;
+ ld->ld_options.ldo_tm_api = NULL;
+ ld->ld_options.ldo_tm_net = NULL;
+ ld->ld_options.ldo_defludp = NULL;
#ifdef HAVE_CYRUS_SASL
ld->ld_options.ldo_def_sasl_mech = gopts->ldo_def_sasl_mech
@@ -138,30 +141,43 @@
? LDAP_STRDUP( gopts->ldo_def_sasl_authzid ) : NULL;
#endif
- ld->ld_options.ldo_defludp = ldap_url_duplist(gopts->ldo_defludp);
+ if ( gopts->ldo_tm_api &&
+ ldap_int_timeval_dup( &ld->ld_options.ldo_tm_api, gopts->ldo_tm_api ))
+ goto nomem;
- if ( ld->ld_options.ldo_defludp == NULL ) {
- LDAP_FREE( (char*)ld );
- return LDAP_NO_MEMORY;
- }
+ if ( gopts->ldo_tm_net &&
+ ldap_int_timeval_dup( &ld->ld_options.ldo_tm_net, gopts->ldo_tm_net ))
+ goto nomem;
+
+ if ( gopts->ldo_defludp ) {
+ ld->ld_options.ldo_defludp = ldap_url_duplist(gopts->ldo_defludp);
- if (( ld->ld_selectinfo = ldap_new_select_info()) == NULL ) {
- ldap_free_urllist( ld->ld_options.ldo_defludp );
- LDAP_FREE( (char*) ld );
- return LDAP_NO_MEMORY;
+ if ( ld->ld_options.ldo_defludp == NULL ) goto nomem;
}
+ if (( ld->ld_selectinfo = ldap_new_select_info()) == NULL ) goto nomem;
+
ld->ld_lberoptions = LBER_USE_DER;
ld->ld_sb = ber_sockbuf_alloc( );
- if ( ld->ld_sb == NULL ) {
- ldap_free_urllist( ld->ld_options.ldo_defludp );
- LDAP_FREE( (char*) ld );
- return LDAP_NO_MEMORY;
- }
+ if ( ld->ld_sb == NULL ) goto nomem;
*ldp = ld;
return LDAP_SUCCESS;
+
+nomem:
+ ldap_free_select_info( ld->ld_selectinfo );
+ ldap_free_urllist( ld->ld_options.ldo_defludp );
+ LDAP_FREE( ld->ld_options.ldo_tm_net );
+ LDAP_FREE( ld->ld_options.ldo_tm_api );
+#ifdef HAVE_CYRUS_SASL
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_authzid );
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_authcid );
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_realm );
+ LDAP_FREE( ld->ld_options.ldo_def_sasl_mech );
+#endif
+ LDAP_FREE( (char *)ld );
+ return LDAP_NO_MEMORY;
}
/*
signature.asc
Description: This is a digitally signed message part
