Full_Name: Michael Steinmann Version: 2.3.35 / HEAD OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.254.173.218)
This is while testing a custom pwdCheckModule. In function check_password_quality(), char *txt is free()'d, slapd crashes with "invalid pointer".
Core was generated by `servers/slapd/slapd -f etc/openldap/slapd.conf -h ldap://localhost:10389/ -d 9'. Program terminated with signal 6, Aborted. #0 0xb7b3a0b6 in raise () from /lib/libc.so.6 (gdb) bt #0 0xb7b3a0b6 in raise () from /lib/libc.so.6 #1 0xb7b3b841 in abort () from /lib/libc.so.6 #2 0xb7b7019b in __libc_message () from /lib/libc.so.6 #3 0xb7b75de2 in malloc_printerr () from /lib/libc.so.6 #4 0x08089bb8 in ch_free (ptr=0xb7c3aff4) at ch_malloc.c:139 #5 0x08119833 in check_password_quality (cred=0x2, pp=<value optimized out>, err=0xb752becc, e=0x8285998) at ppolicy.c:650 #6 0x0811ac59 in ppolicy_modify (op=0x8285028, rs=0xb752c1c4) at ppolicy.c:1751 #7 0x080c7134 in overlay_op_walk (op=0x8285028, rs=0xb752c1c4, which=op_modify, oi=0x822f488, on=0x822f578) at backover.c:498 #8 0x080c758d in over_op_func (op=0x8285028, rs=0xb752c1c4, which=op_modify) at backover.c:560 #9 0x080a117b in passwd_extop (op=0x8285028, rs=0xb752c1c4) at passwd.c:284 #10 0x0809f611 in fe_extended (op=0x8285028, rs=0xb752c1c4) at extended.c:215 #11 0x0809fb79 in do_extended (op=0x8285028, rs=0xb752c1c4) at extended.c:180 #12 0x08070589 in connection_operation (ctx=0xb752c238, arg_v=0x8285028) at connection.c:1133 #13 0x08143ae3 in ldap_int_thread_pool_wrapper (xpool=0x820eb40) at tpool.c:478 #14 0xb7c43f8a in start_thread () from /lib/libpthread.so.0 #15 0xb752c480 in ?? () #16 0xb752c480 in ?? () #17 0xb752c480 in ?? () #18 0xb752c480 in ?? () #19 0x00000000 in ?? ()
Patch below fixes the issue.
Index: ppolicy.c =================================================================== RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays/ppolicy.c,v retrieving revision 1.98 diff -r1.98 ppolicy.c 652d651 < free(txt);