Fix CVE-2017-9287: https://www.openldap.org/its/?findid=8655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287 Patch copied from upstream source repository: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 From: Ryan Tandy Date: Wed, 17 May 2017 20:07:39 -0700 Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 Fixes a double free when a search includes the Paged Results control with a page size of 0 and the search base matches the filter. --- servers/slapd/back-mdb/search.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c index 301d1a498c..43442aa242 100644 --- a/servers/slapd/back-mdb/search.c +++ b/servers/slapd/back-mdb/search.c @@ -1066,7 +1066,8 @@ notfound: /* check size limit */ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { - mdb_entry_return( op, e ); + if (e != base) + mdb_entry_return( op, e ); e = NULL; send_paged_response( op, rs, &lastid, tentries ); goto done; -- 2.13.0