[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4278) pwdExtop doesn't set all fields of the modification structure

To: openldap-its@OpenLDAP.org
Subject: (ITS#4278) pwdExtop doesn't set all fields of the modification structure
From: dbroady1@yahoo.com
Date: Wed, 21 Dec 2005 19:01:49 GMT

Full_Name: Darin Broady
Version: 2.3.12 (HEAD)
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.146.101.24)


In servers/slapd/passwd.c, between lines 256-262 in HEAD and 2.3, the pwdExtOp
code is creating the Modifications list to get ready for the call to be_modify. 
However, it fails to set the sml_type berval to anything.  Since the ml struct
is allocated by ch_malloc, the sml_type variable will not be initialized
correctly.  Any code that attempts to copy this Modification structure will
coredump because sml_type.bv_val will be pointing to garbarge.  Specifically, if
a SLAPI plugin calls:

   LDAPMod **mods;
   slapi_pblock_get(pb, SLAPI_MODIFY_MODS, (void*)&mods);

slapd will coredump while attempting to copy the structure at
servers/slapd/slapi/slapi_pblock.c:625, slapi_int_modifications2ldapmods, which
eventually gets to line 2719 of servers/slapd/slapi/slapi_utils.c, attempting to
strdup the sml_type variable.

A simple fix that I used to stop the coredump was to do the following in
passwd.c near line 260:
   BER__BVZERO(&(ml->sml_type));

I don't know if this is most appropriate fix, but it worked for me.  Another
solution would be to use ch_calloc() instead of ch_malloc().

Prev by Date: Re: (ITS#4247) test036 eventually does nothing
Next by Date: Re: (ITS#4279) clients/tools/common.c undefined symbol
Index(es):
- Chronological
- Thread