paul(a)mad-scientist.us wrote:
Full_Name: Paul Smith
Version: 2.4.7
OS: Ubuntu 8.04
URL:
Submission from: (NULL) (65.78.30.67)
If you check ldap_free_connection() you'll see that it removes the LDAPConn
pointer "lc" from the list of connections before it is freed.
BUT! The ldap_free_connection() function never does anything with the
ld->ld_defconn pointer, so if the connection we just freed is the one pointed to
by ld->ld_defconn, it is now pointing to freed memory. That causes the
problem detected above by valgrind, or causes an assert later on: accessing
freed memory.
I'm not really sure what the right thing to do here is, or I'd provide a patch.
Should we set ld_defconn to NULL? Is that ever a valid state? Or should we
just pick another connection from the list (and what if there isn't one?)
A fix is now in HEAD, please test. The solution sets ld_defconn to NULL, and
also closes ld->ld_sb if necessary. In that case, ldap_send_initial_request
will create a new defconn before calling ldap_send_server_request.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
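The dangling default-connection pattern from the report, and the fix described in the reply, as an added example that is not OpenLDAP code: a small C model of a handle's connection list (`conns` and `defconn` stand in for `ld_conns` and `ld_defconn`; the pool and the `handle` variable are constructed) replays the free both as the report describes it and with the fix applied.

```c
#include <string.h>
/* Connections live in a 4-slot pool rather than the heap so the "freed"
 * state can be inspected without reading released memory. */
typedef struct conn { struct conn *next; int in_use; } conn_t;
typedef struct ld {
    conn_t pool[4];
    conn_t *conns;    /* stands in for ld->ld_conns */
    conn_t *defconn;  /* stands in for ld->ld_defconn */
} ld_t;
static ld_t handle;   /* one LDAP handle, constructed for the replay below */
/* Take a free slot and link it at the head of the connection list. */
static conn_t *new_connection(ld_t *ld) {
    for (int i = 0; i < 4; i++) {
        conn_t *lc = &ld->pool[i];
        if (lc->in_use) continue;
        lc->in_use = 1;
        lc->next = ld->conns;
        return ld->conns = lc;
    }
    return NULL;
}
/* Unlink lc and release it. fix_defconn == 0 is what the report describes:
 * ld_defconn is never touched and may now point at released memory.
 * fix_defconn != 0 clears ld_defconn when the released connection was the
 * default, which is what the reply says the fix in HEAD does. */
static void free_connection(ld_t *ld, conn_t *lc, int fix_defconn) {
    for (conn_t **pp = &ld->conns; *pp; pp = &(*pp)->next)
        if (*pp == lc) { *pp = lc->next; break; }
    if (fix_defconn && ld->defconn == lc) ld->defconn = NULL;
    lc->in_use = 0;
}
/* 1 if ld_defconn refers to a released connection: the valgrind finding. */
static int defconn_dangling(const ld_t *ld) {
    return ld->defconn != NULL && !ld->defconn->in_use;
}
/* Models ldap_send_initial_request after the fix: with ld_defconn NULL it
 * opens a fresh default connection before the request goes out. */
static conn_t *send_initial_request(ld_t *ld) {
    if (ld->defconn == NULL) ld->defconn = new_connection(ld);
    return ld->defconn;
}
/* Replays the report's sequence on `handle`; 1 if the default dangles. */
static int scenario(int fix_defconn) {
    memset(&handle, 0, sizeof handle);
    handle.defconn = new_connection(&handle); /* the connection that gets freed */
    new_connection(&handle);                  /* a second one keeps the list non-empty */
    free_connection(&handle, handle.defconn, fix_defconn);
    return defconn_dangling(&handle);
}
```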