From: Ryan Tandy Date: Thu, 18 May 2017 03:07:39 +0000 (-0700) Subject: ITS#8655 fix double free on paged search with pagesize 0 X-Git-Tag: archive/raspbian/2.4.46+dfsg-5+rpi1^2^2^2^2~1 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:/?a=commitdiff_plain;h=cf8314f14c427076f7251bef2cfdedad2eaa756c;p=openldap.git ITS#8655 fix double free on paged search with pagesize 0 Fixes a double free when a search includes the Paged Results control with a page size of 0 and the search base matches the filter. Gbp-Pq: Name ITS-8655-paged-results-double-free.patch --- diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c index 55839316..42fafca6 100644 --- a/servers/slapd/back-mdb/search.c +++ b/servers/slapd/back-mdb/search.c @@ -1066,7 +1066,8 @@ notfound: /* check size limit */ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { - mdb_entry_return( op, e ); + if (e != base) + mdb_entry_return( op, e ); e = NULL; send_paged_response( op, rs, &lastid, tentries ); goto done;
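Review bot: the new `if (e != base)` guard in the size-limit branch has no comment explaining why the base entry must not be returned here, and the ownership rule it depends on is not visible in this hunk. Per the commit message, `base` is released somewhere else, so calling `mdb_entry_return( op, e )` when `e` is the base entry frees it twice. With a page size of 0, `rs->sr_nentries >= ps_size` is true on the first candidate, so the base entry itself can reach this branch. A one-line comment such as "base is released separately, do not return it here" would keep a later cleanup from removing the check. The guard should also follow the surrounding style, written as `if ( e != base )` and ideally with braces like the enclosing `if` blocks. `e = NULL;` still runs unconditionally after the guard, which is correct. A regression test for a paged search with page size 0 whose base matches the filter would pin the fix.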