https://bugs.openldap.org/show_bug.cgi?id=10096
--- Comment #1 from Ondřej Kuzník <ondra@mistotebe.net> ---
On Mon, Aug 28, 2023 at 08:58:28PM +0000, openldap-its@openldap.org wrote:
> The double free happens during a referral chasing with AD.
>
> SSSD usage Background (But I think the issue can happen even without SSSD): Referral chasing with AD and Kerberos based GSSAPI/GSS-SPNEGO authentication will never work based on the fact that AD will return domain names instead of the names of AD DC in the referral. That with 'id_provider = ad' (SSSD setting) there is 'ldap_referrals = false' as default. For 'id_provider = ldap' we expect a generic LDAP server (not AD) which returns proper referrals with fully-qualified hostname or where simple bind is used, either anonymous or with bind DN and password (which is expected to be the same on all involved LDAP servers and which is not the case with AD since the AD DC from a different domain won't know the given bind DN).
>
> So the issue is an unusual one, but still, as it's a crash, I think it deserves a look.

Hi Simon,
given you can repro it and seems you're suggesting it's hard to reproduce without an AD, can you:
- try running it under valgrind's memcheck and post any errors reported, tracing memory origins as well (I suspect the request has been freed already)
- enable libldap's TRACE logging and post the logs here?

That's assuming you can't wrap something up that we could use to reproduce the issue ourselves, that would obviously be preferable.
Thanks,