Viewing Historical/5323

Date: Fri, 11 Jan 2008 03:36:41 GMT
From: h.b.furuseth@usit.uio.no
To: openldap-its@OpenLDAP.org
Subject: dyngroup.c:dgroup_cf() bug

Full_Name: Hallvard B Furuseth
Version: HEAD, RE24
OS:
URL:
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard

overlays/dyngroup.c:dgroup_cf() has some strange LDAP_MOD_DELETE code:

    app = (adpair **)&on->on_bi.bi_private;
    for (...; ...; ..., app = &ap->ap_next) {
        ap = *app;
    }
    *app = ap->ap_next;

Last statement is a no-op, since *app == *(&ap->ap_next) == ap->ap_next.
I'm not sure what it's intended to do.

Also the first statement makes the void* object bi_private be accessed
as an adpair* object. Breaks the 'strict aliasing' rules, so I guess it
can miscompile. To avoid that, start the code with something like

    ap = on->on_bi.bi_private;
    app = &ap;
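
The no-op described in the report above, reproduced next to the usual pointer-to-pointer unlink. This is an added example, not code from the report or from OpenLDAP. The index-based loop header, the `id` field, the constructed 3-node list and the helper names are assumptions, since the report elides the loop header.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the overlay's node; only ap_next is from the report. */
typedef struct adpair { struct adpair *ap_next; int id; } adpair;

/* Loop shape from the report: app is advanced in the for-increment, so on
 * exit app == &ap->ap_next and the final store copies a value onto itself.
 * The index-based loop header is an assumption; the report elides it. */
static adpair *unlink_as_reported(adpair **head, size_t idx)
{
    adpair **app = head, *ap = NULL;
    size_t i;
    for (i = 0; i <= idx && *app != NULL; i++, app = &ap->ap_next)
        ap = *app;
    if (i <= idx) return NULL;      /* fewer than idx + 1 nodes */
    *app = ap->ap_next;             /* no-op: *app already is ap->ap_next */
    return ap;
}

/* Usual pointer-to-pointer unlink: stop with app on the link that points
 * at the target, then redirect that link past it. */
static adpair *unlink_conventional(adpair **head, size_t idx)
{
    adpair **app = head, *ap;
    size_t i;
    for (i = 0; i < idx && *app != NULL; i++)
        app = &(*app)->ap_next;
    if ((ap = *app) != NULL) *app = ap->ap_next;  /* predecessor skips ap */
    return ap;
}

/* Constructed 3-node list. Returns 1 if the node picked by idx is still
 * reachable from the head afterwards, 0 if not, -1 if idx is past the end. */
static int still_linked(int conventional, size_t idx)
{
    adpair n[3] = { { &n[1], 0 }, { &n[2], 1 }, { NULL, 2 } };
    adpair *head = &n[0], *p;
    adpair *gone = (conventional ? unlink_conventional : unlink_as_reported)(&head, idx);
    if (gone == NULL) return -1;
    for (p = head; p != NULL; p = p->ap_next)
        if (p == gone) return 1;
    return 0;
}

int main(void)
{
    printf("as reported: %d, conventional: %d\n", still_linked(0, 1), still_linked(1, 1));
    return 0;
}
```

With the reported loop shape the selected node stays on the list for every index; the conventional form removes it because the store happens while `app` still addresses the predecessor's link.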

From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Fri, 11 Jan 2008 04:55:04 +0100
To: openldap-its@openldap.org
Subject: Re: (ITS#5323) dyngroup.c:dgroup_cf() bug

I wrote:
> To avoid that, start the code with something like
>     ap = on->on_bi.bi_private;
>     app = &ap;

Duh.. ignore that one.

--
Hallvard

Date: Thu, 10 Jan 2008 20:03:24 -0800
From: Howard Chu <hyc@symas.com>
To: h.b.furuseth@usit.uio.no
CC: openldap-its@openldap.org
Subject: Re: (ITS#5323) dyngroup.c:dgroup_cf() bug

h.b.furuseth@usit.uio.no wrote:
> I wrote:
>> To avoid that, start the code with something like
>>     ap = on->on_bi.bi_private;
>>     app = &ap;
>
> Duh.. ignore that one.
>

Probably should ignore all of this. dynlist totally supersedes dyngroup now.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

______________ © Copyright 2009, OpenLDAP Foundation, info@OpenLDAP.org