OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/6169
Full headers

From: h.b.furuseth@usit.uio.no
Subject: dds overlay bug(s) when expiring entries
Compose comment
Download message
State:
0 replies:
0 followups:

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 11 Jun 2009 01:06:28 +0000
From: h.b.furuseth@usit.uio.no
To: openldap-its@OpenLDAP.org
Subject: dds overlay bug(s) when expiring entries
Full_Name: Hallvard B Furuseth
Version: HEAD, RE24
OS: Linux
URL: 
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard


Thinko in dds_expire():

Traversing a list chained on (struct dds_expire_t).de_next,
it keeps dds_expire_t **dep == &(previous element).de_next.
Before freeing (de = *dep), it points dep into de.  Fixing.

Suspicious code in same function:

The 'default:' branch says "deferring" (deferring what? deletion?)
and does not increment ndeletes, yet 'dds_expire_t *de' is deleted
in that case as well.  Is that intentional?  I don't know dds.  If
it's not, we could just move the free() into 'case LDAP_SUCCESS:'
and remove the 'de = NULL;' in the LDAP_NOT_ALLOWED_ON_NONLEAF case.
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org