[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd crash when db suffix is "" (ITS#42)

To: openldap-its@OpenLDAP.org
Subject: slapd crash when db suffix is "" (ITS#42)
From: Brad.Rubenstein@gs.com
Date: Wed, 13 Jan 1999 03:20:05 GMT

Full_Name: Brad Rubenstein
Version: stable-981231
OS: Solaris 5.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (208.168.16.140)


slapd crashes on search when the database suffix is "" in slapd.conf
(I wanted the database to contain the entire universe, with no referals,
and I expected that a base of "" would do it).

crash is caused by a garbage argument to free in
servers/slapd/back-ldbm/search.c
line 122.

In ldbm_back_search "matched" is set to stack garbage at line 52, and, if 
candidates == NULL, free(matched) is called and crashes.  This is because 
subtree_candidates only sets the value of "matched" if base is not "".  It seems
hard to 
guarantee that matched will be initialized by the various subroutine calls made
by
ldbm_back_search, so perhaps it should be set to NULL at the top...

Prev by Date: Re: Adding rev id's to source files (ITS#41)
Next by Date: Re: Adding rev id's to source files (ITS#41)
Index(es):
- Chronological
- Thread