
Bug in slapi_int_init_connection



Please look at the Operation allocation procedure in servers/slapd/slapi/slapi_ops.c, line 144.
o_pb is defined in servers/slapd/slap.h as o_hdr->oh_pb. And at that point o_hdr is NULL, so anyone calling slapi_add_entry_internal, slapi_search_internal, etc. would crash slapd.


The following patch fixes the problem (actually, it's almost a copy-and-paste from slap_op_alloc):
--- openldap-cvs/servers/slapd/slapi/slapi_ops.c 14 Jul 2005 17:23:26 -0000 1.76
+++ openldap-cvs/servers/slapd/slapi/slapi_ops.c 15 Jul 2005 20:29:42 -0000
@@ -125,6 +125,7 @@
int OpType )
{
Connection *pConn;
+ Operation *op;
ber_len_t max = sockbuf_max_incoming;


        pConn = (Connection *) slapi_ch_calloc(1, sizeof(Connection));
@@ -134,12 +135,15 @@

        LDAP_STAILQ_INIT( &pConn->c_pending_ops );

- pConn->c_pending_ops.stqh_first =
- (Operation *) slapi_ch_calloc( 1, sizeof(Operation) );
- if ( pConn->c_pending_ops.stqh_first == NULL ) {
+ op = (Operation *)slapi_ch_calloc( 1, sizeof(Operation)
+ + sizeof(Opheader) + SLAP_MAX_CIDS*sizeof(void *) );
+ if ( op == NULL ) {
slapi_ch_free( (void **)&pConn );
return (Connection *)NULL;
}
+ op->o_hdr = (Opheader *)(op + 1);
+ op->o_controls = (void **)(op->o_hdr + 1);
+ pConn->c_pending_ops.stqh_first = op;


        pConn->c_pending_ops.stqh_first->o_pb =
                (Slapi_PBlock *) slapi_pblock_new();
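Review bot: the single-block layout in the added lines (`op = (Operation *)slapi_ch_calloc( 1, sizeof(Operation) + sizeof(Opheader) + SLAP_MAX_CIDS*sizeof(void *) );` followed by `op->o_hdr = (Opheader *)(op + 1);` and `op->o_controls = (void **)(op->o_hdr + 1);`) duplicates the size arithmetic and pointer fix-up that slap_op_alloc already performs, so any later change to that layout in operation.c would have to be mirrored here by hand; a shared allocator in slapd/operation.c that both callers use would remove that risk. Two things to confirm in code outside this hunk: the teardown path for this connection must free only `op` and never `op->o_hdr` or `op->o_controls` separately, since both now point inside the same slapi_ch_calloc block; and every field the rest of the server reads through `o_hdr` (not just `oh_pb`) is acceptable at its calloc'd zero value, because slap_op_alloc may initialise some of them and this copy does not.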


Although maybe it would be better if the Operation allocation were defined as a function in slapd/operation.c, and slap_op_alloc and slapi_int_init_connection both called that same function.


Best,
    Nikita
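The allocation layout the patch copies from slap_op_alloc, shown as an added, self-contained example (not OpenLDAP code): the struct and macro names mirror the ones discussed above, but the field sets, the value of SLAP_MAX_CIDS and the helper names (op_alloc_bare, op_alloc_with_header, op_layout_ok, op_attach_pblock, op_free) are simplified stand-ins chosen for this illustration. It contrasts the bare allocation, where o_hdr stays NULL and a write through o_pb would dereference NULL, with the single-block allocation whose internal pointers are fixed up right after calloc, and it shows why only the block itself may be freed.

```c
/* Added example, not OpenLDAP code: a simplified model of the
 * slap_op_alloc()-style single-block allocation that the patch copies into
 * slapi_int_init_connection(). Struct names mirror OpenLDAP's; the fields
 * and SLAP_MAX_CIDS value are stand-ins assumed for this illustration. */
#include <stdlib.h>
#include <stdio.h>

#define SLAP_MAX_CIDS 32            /* assumed value for the example only */

typedef struct Slapi_PBlock { int pb_dummy; } Slapi_PBlock;

typedef struct Opheader {
    Slapi_PBlock *oh_pb;            /* the field hidden behind the o_pb macro */
} Opheader;

typedef struct Operation {
    Opheader *o_hdr;                /* points into the same allocation */
    void    **o_controls;           /* SLAP_MAX_CIDS slots after the header */
} Operation;

/* As in slap.h, o_pb is not a field but an access through o_hdr. */
#define o_pb o_hdr->oh_pb

/* Buggy variant: only the Operation is allocated, so o_hdr stays NULL and
 * any write through o_pb would dereference NULL. */
static Operation *op_alloc_bare(void)
{
    return calloc(1, sizeof(Operation));
}

/* Fixed variant: one block holding Operation, Opheader and the control
 * slots, with the internal pointers set right after allocation. */
static Operation *op_alloc_with_header(void)
{
    Operation *op = calloc(1, sizeof(Operation) + sizeof(Opheader)
                              + SLAP_MAX_CIDS * sizeof(void *));
    if (op == NULL)
        return NULL;
    op->o_hdr = (Opheader *)(op + 1);
    op->o_controls = (void **)(op->o_hdr + 1);
    return op;
}

/* Header and controls live inside the Operation block, so only the block
 * is freed; freeing o_hdr or o_controls on their own would be invalid. */
static void op_free(Operation *op)
{
    free(op);
}

/* Returns 1 when o_hdr and o_controls point exactly at the header and the
 * control array inside the block, and the array ends at the block's end. */
static int op_layout_ok(const Operation *op)
{
    const char *base = (const char *)op;
    const char *end  = base + sizeof(Operation) + sizeof(Opheader)
                            + SLAP_MAX_CIDS * sizeof(void *);
    return op->o_hdr != NULL
        && (const char *)op->o_hdr == base + sizeof(Operation)
        && (const char *)op->o_controls == (const char *)(op->o_hdr + 1)
        && (const char *)(op->o_controls + SLAP_MAX_CIDS) == end;
}

/* Mirrors `...stqh_first->o_pb = slapi_pblock_new()` from the patch, but
 * refuses (returns -1) instead of dereferencing a missing header. */
static int op_attach_pblock(Operation *op, Slapi_PBlock *pb)
{
    if (op->o_hdr == NULL)
        return -1;                  /* the crash the original report describes */
    op->o_pb = pb;
    return 0;
}

int main(void)
{
    Slapi_PBlock pb = { 0 };
    Operation *bare = op_alloc_bare();
    Operation *full = op_alloc_with_header();

    printf("bare: header present? %s\n", (bare && bare->o_hdr) ? "yes" : "no");
    printf("bare: attach pblock -> %d\n", bare ? op_attach_pblock(bare, &pb) : -1);
    printf("full: layout ok? %s\n", (full && op_layout_ok(full)) ? "yes" : "no");
    printf("full: attach pblock -> %d\n", full ? op_attach_pblock(full, &pb) : -1);

    op_free(bare);
    op_free(full);
    return 0;
}
```

The layout check is the property a shared allocator in slapd/operation.c would have to keep: the header immediately follows the Operation, the control array immediately follows the header, and the whole thing is one calloc block released by a single free.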