CVE request: slapd segfaults on certain queries with rwm overlay enabled

[Vincent Danen <vdanen () redhat com>]

The following was reported to us, but has already been reported
publicly upstream.  Could a CVE be assigned to it?

It was discovered that OpenLDAP, with the rwm overlay to slapd, could
segfault if a user were able to query the directory and immediately
unbind from the server.  This seems to be due to the rwm overlay not
doing reference counting properly, so rwm_conn_destroy frees the session
context while rwm_op_search is using it.  This condition also seems to
require multiple cores/CPUs to trigger.


References:

http://www.openldap.org/its/index.cgi/Incoming?id=7723
https://bugzilla.redhat.com/show_bug.cgi?id=1019490

This is currently not fixed upstream.

--
Vincent Danen / Red Hat Security Response Team