[Date Prev][Date Next] [Chronological] [Thread] [Top]

sprintf segv in ldapsearch (ITS#274)

To: openldap-its@OpenLDAP.org
Subject: sprintf segv in ldapsearch (ITS#274)
From: noel@burton-krahn.com
Date: Wed, 25 Aug 1999 23:43:09 GMT

Try this for a segfault:

    ldapsearch 'any_attr=%1000000s'

It comes from passing the search filter directly to sprintf at line
354 of ldapsearch.c:

    static int dosearch(
	    LDAP    *ld,
	char        *base,
	int         scope,
	char        **attrs,
	int         attrsonly,
	char        *filtpatt,
	char        *value)
    {
	char                filter[ BUFSIZ ];
	int                 rc, first, matches;
	LDAPMessage         *res, *e;

	sprintf( filter, filtpatt, value );

	...

Now, few people are going to type in the search filter above, but I
did run into problems searching for values which contained a '%'
char.  The man page states:

       -f file
              Read a series of lines from  file,  performing  one
              LDAP  search for each line.  In this case, the fil-
              ter given on the command line is treated as a  pat-
              tern  where  the first occurrence of %s is replaced
              with a line from file.  If file is a single - char-
              acter, then the lines are read from standard input.

I would interpret that to mean that if the -f flag is not set, then
'%' should not be interpreted by sprintf.

--Noel

Prev by Date: Re: SLAP - memory leak ? (ITS#250)
Next by Date: Re: sprintf segv in ldapsearch (ITS#274)
Index(es):
- Chronological
- Thread