[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
slap_passwd_parse() returns invalid pointers (ITS#1601)
Full_Name: Luke Howard
Version: HEAD
OS: Darwin
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.228.130.11)
Returns pointers into a BerElement which is freed at the end of the function.
Patch attached to servers/slapd/passwd.c; I haven't fixed any of the supplied
backends though yet (they will need to free the returned values).
Index: passwd.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/passwd.c,v
retrieving revision 1.34
diff -u -r1.34 passwd.c
--- passwd.c 2002/01/28 19:25:31 1.34
+++ passwd.c 2002/02/14 09:52:38
@@ -75,6 +75,7 @@
ber_tag_t tag;
ber_len_t len;
BerElement *ber;
+ struct berval tmp;
if( reqdata == NULL ) {
return LDAP_SUCCESS;
@@ -116,7 +117,7 @@
goto done;
}
- tag = ber_scanf( ber, "m", id );
+ tag = ber_scanf( ber, "m", &tmp );
if( tag == LBER_ERROR ) {
#ifdef NEW_LOGGING
@@ -129,7 +130,7 @@
goto decoding_error;
}
-
+ ber_dupbv( id, &tmp );
tag = ber_peek_tag( ber, &len);
}
@@ -148,7 +149,7 @@
goto done;
}
- tag = ber_scanf( ber, "m", oldpass );
+ tag = ber_scanf( ber, "m", &tmp );
if( tag == LBER_ERROR ) {
#ifdef NEW_LOGGING
@@ -161,7 +162,7 @@
goto decoding_error;
}
-
+ ber_dupbv( oldpass, &tmp );
tag = ber_peek_tag( ber, &len);
}
@@ -180,7 +181,7 @@
goto done;
}
- tag = ber_scanf( ber, "m", newpass );
+ tag = ber_scanf( ber, "m", &tmp );
if( tag == LBER_ERROR ) {
#ifdef NEW_LOGGING
@@ -193,7 +194,7 @@
goto decoding_error;
}
-
+ ber_dupbv( newpass, &tmp );
tag = ber_peek_tag( ber, &len );
}