touch-packages team mailing list archive

[Bug 1461276] Re: off-by-one in LDIF length

 

I have run both 2.4.31 and 2.4.40 for a few days, and have only
experienced this type of slapd crash with 2.4.40. That by itself isn't
conclusive though, since memory corruption errors can be sensitive in
how they manifest. Looking at the code briefly, I see that the same off-
by-one error in include/ldif.h is present in the 2.4.31 code (as well as
2.4.28), so the potential for the bug to be expressed is likely there in
the earlier versions as well. I hedge with "likely" because it seems
that there have been many changes made to this part of the code
recently, and I've seen that just reading it briefly can be misleading
when drawing firm conclusions.

The most conservative approach would be just to patch 2.4.40 for now,
unless/until people report this bug in earlier versions. A more
aggressive approach would be to patch 2.4.31 and 2.4.28 and wait for
people to report other things breaking in the earlier versions.

As an aside -- I'm actually building/running the 2.4.40 package on
14.04, not on Wily -- and I have verified that adding the patch to the
package build fixes the bug.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1461276

Title:
  off-by-one in LDIF length

Status in openldap package in Ubuntu:
  New

Bug description:
  Would it be possible to include the patch for ITS#8003 in the next
  build of the 2.4.40 package?

  http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=c8353f7acdec4a42f537b0d475aaae005ba72363

  It fixes a bug that causes slapd to crash when the audit log is
  enabled and a large base64-encoded attribute is printed.
