Pooled LDAP connections may reference out-of-scope memory after timeout

XMLWordPrintableJSON

    • Server Security
    • Fully Compatible
    • ALL
    • v7.0, v6.0, v5.0, v4.4
    • Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      WrappedConnection::bindAsUser invokes an underlying LDAP connection's bindAsUser method, by is scheduling a lambda onto an executor which calls the method, and waiting for the resolution of a result future. This future might be resolved by successful conclusion of the lambda, or by a timeout alarm.

      Unfortunately, it is possible for the timeout to elapse and for WrappedConnection::bindAsUser to return with a not-OK Status before the lambda completes its execution. This means that reference captured variables used by the lambda might fall out of scope while they are being used.

              Assignee:
              Varun Ravichandran
              Reporter:
              Spencer Jackson
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: