Full_Name: Hallvard B Furuseth Version: 2.4.23 OS: URL: Submission from: (NULL) (193.157.200.213) Submitted by: hallvard

Dynlist Compare operation: - dynlist_compare() can use an entry after it has been released. It thinks that clearing rs->sr_entry prevents a search from releasing the entry, even after the search completes. Not so.

Dynlist mostly worked anyway, I think because dynlist itself follows this expectation for entries without REP_ENTRY_MODIFIABLE which it has duplicated. That includes entries it receives directly from back-bdb.

- dynlist_compare() can do needless work: search the same entry several times, fetch an entry to search in a backend which does not support searching, find authz for an entry which will not be searched.

- dynlist_sc_save_entry() could read rs->sr_entry when rs->sr_type != REP_SEARCH, which means some other part of the union may be in use.

Search operation: - dynlist_sc_update() did not clear REP_ENTRY_MODIFIABLE when freeing. - dynlist_prepare_entry() did not honor REP_ENTRY_MUSTRELEASE.

OpenLDAP 2.2/2.3 compatibility code: - Can be dropped, recent dynlist.c does not compile on these versions.

Fixing. Simplest Compare fix will ignore errors from o.o_bd->be_search(), just like dynlist_prepare_entry() does.