On Thu, Nov 05, 2015 at 12:12:26AM +0000, ondra@mistotebe.net wrote:

Hi, the following will assert in liblber on i386 (and it should be possible to craft a similar one for 64bit, I think):

echo 'CoSSoJKSCg==' | base64 -d | ~/code/openldap/libraries/liblber/etest .

ITYM dtest?

slapd's sane default setting for sb_max_incoming appears to mitigate most of the potential security impact of this one.