Full_Name: Josh Gilmour
Version: ldapsearch 2.3.43 (Nov 29 2010 03:47:14)
OS: CentOS release 5.4 32bit
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (38.112.23.58)
I get a segfault when using the following command and applying a filter file. If we remove the -f, the command runs properly. It doesn't seem to be a major security issue (or one at all, I'm not sure), but it does seem to be a bug I believe...
The file I'm using for the -f parameter, 'testing', just has the letter 'a' in it.
Here is the process output from gdb:
[jgilmour@xijgilmour ~]$ gdb ldapsearch
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(no debugging symbols found)
(gdb) r -x -LLL -h xxx.local -D "xxx@xxx.local" -E pr=1/noprompt -w password -b "OU=xxx,dc=xxx,dc=local" -S sAMAccountName -f testing
Starting program: /usr/bin/ldapsearch -x -LLL -h xxx.local -D "xxx@xxx.local" -E pr=1/noprompt -w password -b "OU=xxx,dc=xxx,dc=local" -S sAMAccountName -f testing
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
dn: OU=xxx,DC=xxx,DC=LOCAL
objectClass: top
objectClass: organizationalUnit
ou: xxx
distinguishedName: OU=xxx,DC=xxx,DC=LOCAL
instanceType: 4
whenCreated: 20050103174000.0Z
whenChanged: 20081117191042.0Z
uSNCreated: 12371
uSNChanged: 6388825
name: xxx
objectGUID:: qjRiugCNd0eXyrXkHlETpA==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=xxx,D
 C=LOCAL
dSCorePropagationData: 20080818221029.0Z
dSCorePropagationData: 20080628202026.0Z
dSCorePropagationData: 20070611215308.0Z
dSCorePropagationData: 20070611213209.0Z
dSCorePropagationData: 16010714223649.0Z
*** glibc detected *** /usr/bin/ldapsearch: double free or corruption (!prev): 0x086a35f8 ***
Program received signal SIGSEGV, Segmentation fault.
0x00c67a3f in _int_malloc () from /lib/i686/nosegneg/libc.so.6
(gdb) i r
eax            0x169      361
ecx            0xd43170   13906288
edx            0x86a35f0  141178352
ebx            0xd41ff4   13901812
esp            0xbf9a7078 0xbf9a7078
ebp            0xbf9a713c 0xbf9a713c
esi            0x168      360
edi            0xb7fdb000 -1208111104
eip            0xc67a3f   0xc67a3f <_int_malloc+703>
eflags         0x210283   [ CF SF IF RF ID ]
cs             0x73       115
ss             0x7b       123
ds             0x7b       123
es             0x7b       123
fs             0x0        0
gs             0x33       51
(gdb) bt
#0  0x00c67a3f in _int_malloc () from /lib/i686/nosegneg/libc.so.6
#1  0x00c69a1e in malloc () from /lib/i686/nosegneg/libc.so.6
#2  0x00235998 in _dl_map_object () from /lib/ld-linux.so.2
#3  0x0023ead1 in dl_open_worker () from /lib/ld-linux.so.2
#4  0x0023ae66 in _dl_catch_error () from /lib/ld-linux.so.2
#5  0x0023e4b2 in _dl_open () from /lib/ld-linux.so.2
#6  0x00d08072 in do_dlopen () from /lib/i686/nosegneg/libc.so.6
#7  0x0023ae66 in _dl_catch_error () from /lib/ld-linux.so.2
#8  0x00d08225 in __libc_dlopen_mode () from /lib/i686/nosegneg/libc.so.6
#9  0x00ce44d9 in init () from /lib/i686/nosegneg/libc.so.6
#10 0x00ce4673 in backtrace () from /lib/i686/nosegneg/libc.so.6
#11 0x00c5ee51 in __libc_message () from /lib/i686/nosegneg/libc.so.6
#12 0x00c671d5 in _int_free () from /lib/i686/nosegneg/libc.so.6
#13 0x00c67619 in free () from /lib/i686/nosegneg/libc.so.6
#14 0x00c55756 in fclose@@GLIBC_2.1 () from /lib/i686/nosegneg/libc.so.6
#15 0x0804ca88 in ?? ()
#16 0x00c12e9c in __libc_start_main () from /lib/i686/nosegneg/libc.so.6
#17 0x0804a3f1 in ?? ()
(gdb) q
The program is running. Exit anyway? (y or n) y
[jgilmour@xijgilmour ~]$ uname -a
Linux xijgilmour.xxx.local 2.6.18-164.11.1.el5xen #1 SMP Wed Jan 20 08:53:10 EST 2010 i686 i686 i386 GNU/Linux