-
Type:
Bug
-
Status: Closed
-
Priority:
Major - P3
-
Resolution: Fixed
-
Affects Version/s: 4.5.1, 4.0.19, 4.2.8, 4.4.0
-
Component/s: Security
-
Labels:None
-
Backwards Compatibility:Fully Compatible
-
Operating System:ALL
-
Backport Requested:v4.4, v4.2, v4.0
-
Sprint:Security 2020-09-07
-
Case:
PooledLDAPConnection::refresh schedules a job which validates the wrapped LDAP connection. Under some circumstances, it appears that the pool is able to reap the connection while this job is outstanding, causing a segmentation fault. We should ensure that the connection takes ownership of itself for the duration of the refresh job, just as the TLConnection::refresh method does.