https://bugs.openldap.org/show_bug.cgi?id=10480
Issue ID: 10480 Summary: Use after free in cn=config replication Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs@openldap.org Reporter: ondra@mistotebe.net Target Milestone: ---
If a renumber needs to happen, cn=config frees e->e_name, but some code (e.g. syncrepl) sets op->o_req_dn to point to the same and as such it can't be used anymore. This causes a crash in syncrepl (if LDAP_DEBUG_SYNC is on) and accesslog during cn=config replication.
Either syncrepl (and others) shouldn't do this or cn=config should check for this case and adjust o_req_dn after the fact.
https://bugs.openldap.org/show_bug.cgi?id=10480
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Target Milestone|--- |2.6.14 Assignee|bugs@openldap.org |ondra@mistotebe.net
https://bugs.openldap.org/show_bug.cgi?id=10480
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- head:
• 1a2cbd63 by Ondřej Kuzník at 2026-04-10T11:15:11+01:00 ITS#10480 Keep o_req_dn and e_name separate like others do
RE26:
• 1596bb98 by Ondřej Kuzník at 2026-04-21T15:58:07+00:00 ITS#10480 Keep o_req_dn and e_name separate like others do
https://bugs.openldap.org/show_bug.cgi?id=10480
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |apostnikov@gmail.com
--- Comment #2 from Ondřej Kuzník ondra@mistotebe.net --- *** Issue 10508 has been marked as a duplicate of this issue. ***
-
openldap-its@openldap.org