Full_Name: Howard Chu Version: 2.4 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.155.236.74) Submitted by: hyc

The be_entry_get() entry point is only used for internal operations, not client-initiated operations. Currently it propagates client-provided controls through, but they don't belong there.

If be_entry_get is invoked due to an ACL evaluation, and the original client operation was a syncrepl search, and the remote server honors the syncrepl control, then this query may hang because ldap_back_entry_get() doesn't expect to handle any Intermediate responses. Worse, if the control requested RefreshAndPersist, then additional responses may pile up on the session as the remote server sends persist updates.