h.b.furuseth@usit.uio.no wrote:
Full_Name: Hallvard B Furuseth
Version: HEAD, RE23
OS: Linux
URL:
Submission from: (NULL) (129.240.202.105)
Submitted by: hallvard
syncprov + back-ldap, and presumably + back-meta if that were used, give an array bounds violation in test045-syncreplication-proxied:
syncprov_db_open() uses connection_fake_init(), which sets op->o_tag=0. It passes op to back-ldap.
ldap_back_op_result() assumes op is a known LDAP request: It calls slap_req2op() and gets SLAP_OP_LAST (for unknown tag). That is used as an index into ldapinfo_t.li_timeout[], which has size SLAP_OP_LAST.
back-meta/bind.c does the same in meta_back_bind_op_result() and meta_back_op_result().
I fixed back-ldap but I believe the same fix is still needed in back-meta.
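
A simplified model of the indexing problem described in the report, added here as an example; it is not OpenLDAP code and not the fix that was committed. All names (`req2op`, `OP_LAST`, `struct info`, the tag constants) are hypothetical stand-ins, and treating an unknown request as "no timeout" is an assumption of this example.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical operation types; OP_LAST is both the "unknown" sentinel
 * and the number of real operations, as in the pattern the report describes. */
enum op_type { OP_BIND, OP_SEARCH, OP_MODIFY, OP_LAST };

/* Constructed tag values for this model only. */
#define TAG_BIND   0x60UL
#define TAG_SEARCH 0x63UL
#define TAG_MODIFY 0x66UL

struct info { time_t timeout[OP_LAST]; };  /* valid indices: 0 .. OP_LAST-1 */

/* Constructed sample configuration: per-operation timeouts in seconds. */
static const struct info SAMPLE = { { 10, 30, 20 } };

/* Map a request tag to an operation type; unknown tags yield the sentinel. */
static enum op_type req2op(unsigned long tag)
{
    switch (tag) {
    case TAG_BIND:   return OP_BIND;
    case TAG_SEARCH: return OP_SEARCH;
    case TAG_MODIFY: return OP_MODIFY;
    default:         return OP_LAST;
    }
}

/* The unsafe form is li->timeout[req2op(tag)]: for tag 0 (an internally
 * created operation) that reads timeout[OP_LAST], one element past the end.
 * The guarded form checks the sentinel before indexing. */
static time_t op_timeout(const struct info *li, unsigned long tag)
{
    enum op_type t = req2op(tag);

    if (t >= OP_LAST)
        return 0;               /* assumption: unknown request => no timeout */
    return li->timeout[t];
}

int main(void)
{
    printf("search: %ld\n", (long)op_timeout(&SAMPLE, TAG_SEARCH));
    printf("tag 0:  %ld\n", (long)op_timeout(&SAMPLE, 0));
    return 0;
}
```

Building the unguarded form with `-fsanitize=address,undefined` is one way to make this class of off-by-one read show up in a test run.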