Full_Name: Ryan Tandy
Version: master (7df548d), RE24 (2b14bbc)
OS: Debian unstable
URL:
Submission from: (NULL) (142.32.208.227)

If you use the deref control but leave the list of requested attributes empty, slapd crashes.
ldapsearch [...] -E deref=member:
#0 0x0000000000516ef0 in deref_parseCtrl (op=0x7fffec000940, rs=0x7ffff57eeac0, ctrl=0x7fffec001238) at deref.c:225
#1 0x000000000046a84d in slap_parse_ctrl (op=0x7fffec000940, rs=0x7ffff57eeac0, control=0x7fffec001238, text=0x7ffff57eeae0) at controls.c:693
#2 0x000000000046b0f5 in get_ctrls2 (op=0x7fffec000940, rs=0x7ffff57eeac0, sendres=1, ctag=160) at controls.c:886
#3 0x000000000046a8ff in get_ctrls (op=0x7fffec000940, rs=0x7ffff57eeac0, sendres=1) at controls.c:723
#4 0x000000000042e94e in do_search (op=0x7fffec000940, rs=0x7ffff57eeac0) at search.c:195
#5 0x000000000042bdf3 in connection_operation (ctx=0x7ffff57eebf0, arg_v=0x7fffec000940) at connection.c:1134
#6 0x000000000042c3a3 in connection_read_thread (ctx=0x7ffff57eebf0, argv=0xb) at connection.c:1280
#7 0x0000000000538938 in ldap_int_thread_pool_wrapper (xpool=0x892bc0) at tpool.c:958
#8 0x00007ffff79b00a4 in start_thread (arg=0x7ffff57ef700) at pthread_create.c:309
#9 0x00007ffff76e4ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(line numbers are from master)
The ldapsearch manpage implies this probably isn't valid, but it still accepted it. (FWIW, I tried it just to see whether it would return all attributes or none.) I couldn't tell from draft-ldap-deref-00 whether an empty attr list is considered a valid request.
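
Added example, not part of the original report and not OpenLDAP code: a stand-alone C check that walks a deref control value using the ASN.1 layout from the deref draft (SEQUENCE OF DerefSpec, each a derefAttr plus an AttributeList) and reports an empty AttributeList, the case described above. The function names and sample byte strings are constructed for illustration, and encoding the empty list as a zero-length SEQUENCE is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: derefAttr "member" with an empty list / a one-entry ("cn") list. */
static const unsigned char SAMPLE_EMPTY[] = {0x30,0x0c,0x30,0x0a,0x04,0x06,'m','e','m','b','e','r',0x30,0x00};
static const unsigned char SAMPLE_OK[] = {0x30,0x10,0x30,0x0e,0x04,0x06,'m','e','m','b','e','r',0x30,0x04,0x04,0x02,'c','n'};

/* Read one definite-length BER header at *p, bounded by end. On success
 * returns the tag, stores the value length and advances *p to the value. */
static int ber_hdr(const unsigned char **p, const unsigned char *end, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                     /* long form: low 7 bits count the length octets */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* value must fit in the buffer */
    *len = n;
    *p = q;
    return tag;
}

/* Hypothetical helper: 1 if any DerefSpec carries an empty AttributeList,
 * 0 if every list has at least one entry, -1 if the value is malformed. */
int deref_has_empty_attrs(const unsigned char *val, size_t vlen)
{
    const unsigned char *p = val, *end = val + vlen, *specs_end, *spec_end;
    size_t len;
    if (ber_hdr(&p, end, &len) != 0x30 || p + len != end) return -1;   /* SEQUENCE OF DerefSpec */
    specs_end = p + len;
    while (p < specs_end) {
        if (ber_hdr(&p, specs_end, &len) != 0x30) return -1;           /* DerefSpec */
        spec_end = p + len;
        if (ber_hdr(&p, spec_end, &len) != 0x04 || len == 0) return -1; /* derefAttr */
        p += len;
        if (ber_hdr(&p, spec_end, &len) != 0x30 || p + len != spec_end) return -1; /* AttributeList */
        if (len == 0) return 1;         /* the empty-list case from the report */
        p = spec_end;                   /* list entries themselves are not inspected here */
    }
    return 0;
}

int main(void)
{
    printf("empty list: %d, non-empty list: %d\n", deref_has_empty_attrs(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY),
           deref_has_empty_attrs(SAMPLE_OK, sizeof SAMPLE_OK));
    return 0;
}
```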