ITS#8655 fix double free on paged search with pagesize 0

Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.

Gbp-Pq: Name ITS-8655-paged-results-double-free.patch

diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 5583931671bb410e44f6187ece7516a1b14da8f8..42fafca606d2527bee116d29137c292c133f6bcf 100644 (file)
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -1066,7 +1066,8 @@ notfound:
                        /* check size limit */
                        if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
                                if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
-                                       mdb_entry_return( op, e );
+                                       if (e != base)
+                                               mdb_entry_return( op, e );
                                        e = NULL;
                                        send_paged_response( op, rs, &lastid, tentries );
                                        goto done;