
Re: (ITS#6501) DBTzeros in bdb/hdb



mbackes@symas.com wrote:
> Full_Name: Matthew Backes
> Version: 2.4, HEAD
> OS: any
> URL:
> Submission from: (NULL) (76.88.107.46)
>
>
> The lockobj's in BDB aren't being DBTzero()'d fully before use; they
> consist of more than just .data and .size, so this leaves uninit
> memory that gets branched on.
>
> Needs to be applied to HEAD and 2.4.  (2.3 as well, for those still
> tracking that for some reason, probably all branches with BDB/HDB)

Thanks, fixed in HEAD. The dn2id.c patch is obsolete, that function is no 
longer used.
>
> Patch vs HEAD:
>
> ===================================================================
> RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/cache.c,v
> retrieving revision 1.214
> diff -u -u -r1.214 cache.c
> --- cache.c	4 Nov 2009 05:09:51 -0000	1.214
> +++ cache.c	29 Mar 2010 16:41:59 -0000
> @@ -184,6 +184,7 @@
>
>   	if ( !lock ) return 0;
>
> +	DBTzero(&lockobj );
>   	lockobj.data =&ei->bei_id;
>   	lockobj.size = sizeof(ei->bei_id) + 1;
>
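Review bot: the new `DBTzero(&lockobj );` sits after the `if ( !lock ) return 0;` early exit and immediately before the two field stores, so the no-lock path never touches lockobj and nothing can slip in between the zeroing and the assignments; the one nit is spacing, since `DBTzero(&lockobj );` matches neither `if ( !lock )` nor `&ei->bei_id` on the surrounding lines, so `DBTzero( &lockobj );` would fit the file's style.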
> @@ -225,6 +226,7 @@
>   	else
>   		db_rw = DB_LOCK_READ;
>
> +	DBTzero(&lockobj );
>   	lockobj.data =&ei->bei_id;
>   	lockobj.size = sizeof(ei->bei_id) + 1;
>
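Review bot: this is the same three-line sequence as the hunk at -184, repeated in a second function of cache.c; a small static helper that builds the lock DBT from `&ei->bei_id` with the zeroing inside it would keep a third call site from reintroducing the partial initialisation this report fixes. Same spacing nit: `DBTzero( &lockobj );`.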
> Index: dn2id.c
> ===================================================================
> RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/dn2id.c,v
> retrieving revision 1.169
> diff -u -u -r1.169 dn2id.c
> --- dn2id.c	15 Feb 2010 14:25:47 -0000	1.169
> +++ dn2id.c	29 Mar 2010 16:41:59 -0000
> @@ -42,6 +42,7 @@
>   	else
>   		db_rw = DB_LOCK_READ;
>
> +	DBTzero(&lockobj );
>   	lockobj.data = dn->bv_val;
>   	lockobj.size = dn->bv_len;
>
>
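Review bot: the reply above states this function is no longer used in HEAD, so this hunk can be dropped from the HEAD submission and kept only for the 2.3/2.4 branches the report targets; for those branches, note that this copy keys the lock on `dn->bv_val` with `lockobj.size = dn->bv_len`, without the `+ 1` the cache.c sites apply to `sizeof(ei->bei_id)`, so the branch maintainer should confirm the DN-keyed size matches whatever other DN lock sites use before merging.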


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
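The failure the report describes, as an added example that is not from this thread or from OpenLDAP: a stand-in struct whose field layout mirrors Berkeley DB's DBT (an assumption, the real one is in db.h), a `DBTzero` written as `memset` (assumed equivalent of the back-bdb macro), and a consumer that branches on `flags`, exercised once with the pre-patch partial initialisation and once with the patched zeroing. The stale bytes are planted deliberately so the uninitialised read is reproducible instead of depending on what happens to be on the stack.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in mirroring Berkeley DB's DBT field layout (assumed; the real one is in db.h). */
typedef struct {
    void     *data;
    uint32_t  size, ulen, dlen, doff;
    void     *app_data;
    uint32_t  flags;
} DBT;

#define DBT_FLAG_USERMEM 0x00000002u /* constructed flag bit standing in for DB_DBT_USERMEM */
#define DBTzero(t) (memset((t), 0, sizeof(*(t)))) /* assumed equivalent of back-bdb's macro */

/* Make the stack slot look like it already held an earlier, non-zero DBT. */
static void fill_stale(DBT *t) { memset(t, 0xAA, sizeof(*t)); }

/* Pre-patch behaviour: only .data and .size are stored; every other field is whatever was there. */
static void init_partial(DBT *t, void *key, uint32_t len) {
    t->data = key;
    t->size = len;
}

/* Patched behaviour: zero every field, then store .data and .size. */
static void init_zeroed(DBT *t, void *key, uint32_t len) {
    DBTzero(t);
    t->data = key;
    t->size = len;
}

/* A consumer that branches on a field the caller never set, as the report describes. */
static int consumer_sees_usermem(const DBT *t) {
    return (t->flags & DBT_FLAG_USERMEM) != 0;
}

/* 1 if the partially initialised DBT is misread as USERMEM because of stale 0xAA bytes, else 0. */
int partial_init_misbehaves(void) {
    uint32_t id = 42;
    DBT lockobj;
    fill_stale(&lockobj);
    init_partial(&lockobj, &id, sizeof(id));
    return consumer_sees_usermem(&lockobj);
}

/* 1 if the zeroed DBT carries no stale state into the consumer. */
int zeroed_init_behaves(void) {
    uint32_t id = 42;
    DBT lockobj;
    fill_stale(&lockobj);
    init_zeroed(&lockobj, &id, sizeof(id));
    return !consumer_sees_usermem(&lockobj) && lockobj.flags == 0 && lockobj.ulen == 0;
}
```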