https://bugs.openldap.org/show_bug.cgi?id=10370
Issue ID: 10370
Summary: result.c:930: try_read1msg: Assertion `!BER_BVISEMPTY( &resoid )' failed.
Product: OpenLDAP
Version: 2.6.10
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: daniel@haxx.se
Target Milestone: ---

When using curl built with OpenLDAP to access a broken/malicious LDAP server, OpenLDAP will abort on this assert.
It seems it should rather return a proper error code?
A full reproducer that unfortunately uses curl is available here: https://hackerone.com/reports/3258022 together with more details about this problem.
(I'm forwarding this information, I did not discover this.)
Howard Chu hyc@openldap.org changed:

      What    |Removed                     |Added
----------------------------------------------------------------------------
    Resolution|---                         |TEST
        Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from Howard Chu hyc@openldap.org ---
Fixed in git 7d2805f27c9863daab7edef0d01cb872dc859ff8