
Re: parse_oid() can cause a core dump (ITS#3065)



I have fixed, I believe, this problem in HEAD.  Please test.

Kurt

At 08:39 AM 4/7/2004, pk@cs.few.eur.nl wrote:
>Full_Name: Paul Kranenburg
>Version: 2.2.7
>OS: Solaris 9
>URL: 
>Submission from: (NULL) (130.115.112.236)
>
>
>In libldap/schema.c:parse_oid(), the pointer array `res' is allocated and
>initialized with 3 NULL pointers. If this array needs to be expanded (by
>calling LDAP_REALLOC), the additional trailing storage is not initialized,
>which may lead to problems when the array is freed later on, for instance by
>LDAP_FREE() a few lines down in the same routine, which is triggered if the
>oid list contains syntax errors.
>
>Since the array is expanded by just one element at a time, adding a
>
>    res1[size-1] = NULL;
>
>should solve the problem.
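
The growth pattern described in the report, as an added example that is not OpenLDAP's code and not part of the original thread. The names oid_list, oid_list_add and poison_realloc are hypothetical; poison_realloc stands in for LDAP_REALLOC and fills new storage with 0xAA so the effect of the missing initialization is repeatable, and the model assumes a platform where zeroed memory reads as NULL.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical model, not OpenLDAP source: NULL-terminated list, 3 slots at start. */
struct oid_list { char **res; size_t size, pos; };

/* Stand-in for realloc: new storage is filled with 0xAA (demo only). */
static void *poison_realloc(void *old, size_t old_len, size_t new_len) {
    unsigned char *p = malloc(new_len);
    if (!p) return NULL;
    memset(p, 0xAA, new_len);
    memcpy(p, old, old_len);
    free(old);
    return p;
}

int oid_list_init(struct oid_list *l) {
    l->size = 3; l->pos = 0;
    l->res = calloc(l->size, sizeof *l->res);   /* three NULL slots */
    return l->res ? 0 : -1;
}

/* Append a copy of s. with_fix selects whether the grown slot is NULLed. */
int oid_list_add(struct oid_list *l, const char *s, int with_fix) {
    char *copy = malloc(strlen(s) + 1);
    if (!copy) return -1;
    strcpy(copy, s);
    if (l->pos == l->size - 1) {                /* only the terminator is left */
        char **res1 = poison_realloc(l->res, l->size * sizeof *res1,
                                     (l->size + 1) * sizeof *res1);
        if (!res1) { free(copy); return -1; }
        l->res = res1; l->size++;
        if (with_fix) res1[l->size - 1] = NULL; /* the one-line fix */
    }
    l->res[l->pos++] = copy;
    return 0;
}

/* 1 if the slot after the last entry holds NULL (compared bytewise). */
int oid_list_terminated(const struct oid_list *l) {
    char *nul = NULL;
    return memcmp(&l->res[l->pos], &nul, sizeof nul) == 0;
}

/* Error-path cleanup that walks to the terminator; safe only if one exists. */
size_t oid_list_free(struct oid_list *l) {
    size_t n = 0;
    for (char **p = l->res; *p; p++) { free(*p); n++; }
    free(l->res);
    return n;
}
```

Without the assignment, a cleanup routine that walks to the terminator reads past the last valid entry and frees whatever the grown slot happens to hold.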