https://bugs.openldap.org/show_bug.cgi?id=10370
Issue ID: 10370
Summary: result.c:930: try_read1msg: Assertion `!BER_BVISEMPTY(
&resoid )' failed.
Product: OpenLDAP
Version: 2.6.10
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
When using curl built with OpenLDAP to access a broken/malicious ldap server,
OpenLDAP will abort on this assert.
It seems it should rather return a proper error code?
A full reproducer that unfortunately uses curl is available here:
https://hackerone.com/reports/3258022 together with more details about this
problem.
(I'm forwarding this information, I did not discover this.)
--
You are receiving this mail because:
You are on the CC list for the issue.
