Full_Name: Chris Martin Version: 2.4.23-32.el6_4.1 but also present in git repository version OS: Oracle Linux 6 URL: Submission from: (NULL) (148.87.19.206)

If tlsm_ctx_free is entered with ctx->tc_pin_file null it will crash when it calls PL_strfree with that null pointer.

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/l... 2039 static void 2040 tlsm_ctx_free ( tls_ctx *ctx ) 2041 { ... 2069 PL_strfree( c->tc_pin_file )

I propose that an "if ( c->tc_pin_file )" be added before this line to protect against this.

The specific use case when we hit this involves automount calling openldap ldap_start_tls_s which fails with LDAP_CONNECT_ERROR. automount then calls openldap ldap_unbind_ext which calls ldap_ld_free which calls ldap_int_tls_destroy which triggers this crash above.