Full_Name: Howard Chu
Version: any
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.235.15.200)
Submitted by: hyc

1) ldap_result() returns -1 with ld_errno = LDAP_LOCAL_ERROR because it read an unrecognizable message from the network.
2) ldap_result() is called again on the same LDAP*.

During (1) the lc->lconn_ber was not zeroed out so it is used again in (2). But ber_get_next() already fully parsed its input during (1) so this assert fails on the 2nd call:

    if (ber->ber_rwptr == NULL) {
        assert( ber->ber_buf == NULL );
        ber->ber_rwptr = (char *) &ber->ber_len-1;
        ber->ber_ptr = ber->ber_rwptr;
        ber->ber_tag = 0;
    }

ldap_result() should clear lconn_ber before returning with an error.
The LDAP* session probably should not be used again after (1) anyway but this is still messy.
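
The sequence in the report as a simplified stand-alone C model (an added example, not OpenLDAP source). All toy_* names, the rule that valid messages start with 'M', and the sample inputs are constructed; where the reported code asserts, the model returns TOY_STALE_STATE so both behaviours can be compared.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model; every toy_* name is hypothetical, not OpenLDAP API. */
struct toy_ber  { char *buf; char *rwptr; };
struct toy_conn { struct toy_ber *ber; };      /* plays the role of lconn_ber */
enum { TOY_OK = 0, TOY_LOCAL_ERROR = -1, TOY_STALE_STATE = -2 };

/* rwptr == NULL means "start a new message", legal only while no buffer from an
 * earlier message is attached. The reported code asserts here; the model returns. */
static int toy_get_next(struct toy_ber *ber, const char *wire) {
    if (ber->rwptr == NULL) {
        if (ber->buf != NULL) return TOY_STALE_STATE;
        if ((ber->buf = malloc(strlen(wire) + 1)) == NULL) return TOY_LOCAL_ERROR;
        ber->rwptr = ber->buf;
    }
    strcpy(ber->rwptr, wire);
    ber->rwptr = NULL;                         /* input fully parsed */
    return TOY_OK;
}

static void toy_ber_free(struct toy_ber *ber) { if (ber) { free(ber->buf); free(ber); } }

/* One receive step; clear_on_error selects the behaviour the report asks for. */
static int toy_result(struct toy_conn *c, const char *wire, int clear_on_error) {
    int rc, ok;
    if (c->ber == NULL && (c->ber = calloc(1, sizeof *c->ber)) == NULL)
        return TOY_LOCAL_ERROR;
    if ((rc = toy_get_next(c->ber, wire)) != TOY_OK) return rc;
    ok = (c->ber->buf[0] == 'M');              /* constructed validity rule */
    if (ok || clear_on_error) { toy_ber_free(c->ber); c->ber = NULL; }
    return ok ? TOY_OK : TOY_LOCAL_ERROR;
}

/* Feeds an unrecognizable message, then a valid one; returns the second result. */
static int toy_second_call(int clear_on_error) {
    struct toy_conn c = { NULL };
    int rc;
    (void)toy_result(&c, "?garbage", clear_on_error);   /* constructed input */
    rc = toy_result(&c, "Mvalid", clear_on_error);
    toy_ber_free(c.ber);
    return rc;
}

int main(void) {
    printf("kept: %d, cleared: %d\n", toy_second_call(0), toy_second_call(1));
    return 0;
}
```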