(ITS#4449) incorrect bound check in connection_next()?



Full_Name: Pierangelo Masarati
Version: HEAD/re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


I suspect there's an incorrect bound check in connection_next(), where the upper
value of *index is tested for < MCA_ARRAY_SIZE instead of <= dtblsize.

The patch below seems to address the issue, but I'd prefer a comment from
someone that's more familiar with that portion of code.

Thanks, p.

Index: servers/slapd/connection.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/connection.c,v
retrieving revision 1.350
diff -u -r1.350 connection.c
--- servers/slapd/connection.c  8 Mar 2006 04:54:10 -0000       1.350
+++ servers/slapd/connection.c  25 Mar 2006 00:10:55 -0000
@@ -1075,7 +1075,7 @@

        assert( connections != NULL );
        assert( index != NULL );
-       assert( *index >= 0 && *index < MCA_ARRAY_SIZE );
+       assert( *index >= 0 && *index <= dtblsize );

        if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex );
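
Review bot: the new upper bound on the `+` line is inclusive (`*index <= dtblsize`), so the assertion now accepts `*index == dtblsize`. If `connections` holds `dtblsize` entries, that value is one past the last slot, and the visible context does not show whether the code after the mutex unlock compares `*index` against `dtblsize` before using it as an index. Either add a comment stating that `dtblsize` is accepted here only as an end-of-iteration value and is never used to index `connections`, or tighten the check to `*index < dtblsize`. Since this is an `assert()`, it is compiled out when NDEBUG is defined, so it documents the invariant but does not enforce the bound in those builds; any range check that must hold at run time needs to be an explicit test.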