sprintf segv in ldapsearch (ITS#274)
Try this for a segfault:
    ldapsearch 'any_attr=%1000000s'
It comes from passing the search filter directly to sprintf at line
354 of ldapsearch.c:
    static int dosearch(
        LDAP *ld,
        char *base,
        int scope,
        char **attrs,
        int attrsonly,
        char *filtpatt,
        char *value)
    {
        char filter[ BUFSIZ ];
        int rc, first, matches;
        LDAPMessage *res, *e;

        sprintf( filter, filtpatt, value );
        ...
Now, few people are going to type in the search filter above, but I
did run into problems searching for values which contained a '%'
char. The man page states:
    -f file
        Read a series of lines from file, performing one
        LDAP search for each line. In this case, the filter
        given on the command line is treated as a pattern
        where the first occurrence of %s is replaced
        with a line from file. If file is a single - character,
        then the lines are read from standard input.
I would interpret that to mean that if the -f flag is not set, then
'%' should not be interpreted by sprintf.
--Noel
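
Added example, not part of the original message and not OpenLDAP's own code: one way to build the filter so that the user's string is never used as a format string, '%' is literal when -f is not given, and the write into the buffer is bounded. The names build_filter and demo are hypothetical, as is the convention that value is NULL when -f was not given.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical replacement for "sprintf( filter, filtpatt, value )".
 * value == NULL means -f was not given (assumed convention): the filter
 * is copied literally. Otherwise only the first "%s" is replaced, as the
 * man page describes, and every other '%' stays literal.
 * Returns 0 on success, -1 if the result does not fit in out.
 */
int build_filter(char *out, size_t outlen,
                 const char *filtpatt, const char *value)
{
    const char *hole = value ? strstr(filtpatt, "%s") : NULL;
    int n;

    if (hole == NULL)
        n = snprintf(out, outlen, "%s", filtpatt);
    else
        n = snprintf(out, outlen, "%.*s%s%s",
                     (int)(hole - filtpatt), filtpatt, value, hole + 2);

    /* snprintf returns the length it wanted; >= outlen means truncated */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Demo wrapper: returns the built filter, or NULL if it did not fit. */
const char *demo(const char *filtpatt, const char *value)
{
    static char filter[64];   /* small on purpose, to show the length check */
    return build_filter(filter, sizeof filter, filtpatt, value) == 0
               ? filter : NULL;
}

int main(void)
{
    /* Constructed inputs: the filter from the report, then a -f style value */
    const char *r = demo("any_attr=%1000000s", NULL);
    printf("%s\n", r ? r : "(filter too long)");
    r = demo("(cn=%s)", "50%");
    printf("%s\n", r ? r : "(filter too long)");
    return 0;
}
```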