https://bugs.openldap.org/show_bug.cgi?id=10155
Howard Chu <hyc@openldap.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |CONFIRMED

--- Comment #2 from Howard Chu <hyc@openldap.org> ---
The -T / -F options were added back in 1999 b73b0c61582166d37d55a90067c5783d2164af39
(Actually -V was added, but was renamed to -F some years later.)
There's not much explanation or rationale, and indeed they were only documented in the manpage several years later, 2006.
But from what I can tell: the options are not mutually exclusive. -T controls where temp values are actually written, and -F controls what is written to the LDIF to describe where the values were written. There's no particular reason why these paths must coincide, particularly if the LDIF files or tmp files are later copied to somewhere else.
Frankly we don't really care about fuzzing for one-shot commandline tools. Feeding bogus input doesn't break anything or affect anyone other than the user running the tool.
"-T -u" may be valid; certainly "-u" may be a valid directory name.
The only real issue here is that free() may be called on urlpre which may refer directly to an optarg, as opposed to being a strdup of optarg, and so causes a SEGV on exit. That will be fixed, but again nobody really cares about a SEGV on exit from a one-shot command.
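
The ownership problem described in the last paragraph of the comment, as an added example in C that is not OpenLDAP's code and not part of the original comment. Only the option letters -T and -F and the name urlpre come from the comment; struct opts, set_owned, parse_opts and free_opts are hypothetical names, and the sketch assumes a POSIX getopt().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Constructed for this example; not the tool's real option state. */
struct opts {
    char *tmpdir;   /* -T: where temp values are actually written */
    char *urlpre;   /* -F: prefix written to the LDIF */
};
/* Store a heap copy of value in *slot, releasing any earlier copy, so the
   slot always owns memory that free() may legally receive. */
static int set_owned(char **slot, const char *value)
{
    char *copy = strdup(value);
    if (copy == NULL) return -1;
    free(*slot);
    *slot = copy;
    return 0;
}

/* Returns 0 on success, -1 on a bad option or allocation failure. */
int parse_opts(int argc, char **argv, struct opts *o)
{
    int c;
    optind = 1; opterr = 0;
    while ((c = getopt(argc, argv, "T:F:")) != -1) {
        /* Defective form: `o->urlpre = optarg;` keeps a pointer into argv,
           so the free() at exit is undefined behaviour. */
        char **slot = (c == 'T') ? &o->tmpdir : (c == 'F') ? &o->urlpre : NULL;
        if (slot == NULL || set_owned(slot, optarg) != 0) return -1;
    }
    return 0;
}

void free_opts(struct opts *o)
{
    free(o->tmpdir); free(o->urlpre);
    o->tmpdir = o->urlpre = NULL;
}

int main(int argc, char **argv)
{
    struct opts o = {0};
    int rc = parse_opts(argc, argv, &o);
    printf("rc=%d tmpdir=%s\n", rc, o.tmpdir ? o.tmpdir : "(unset)");
    free_opts(&o);
    return rc ? 1 : 0;
}
```

Because getopt() takes the next argv element verbatim as the argument of -T, the input "-T -u" is accepted here with "-u" as the directory name, matching the comment.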