Issue 7893 - memberof: bad a_numvals count
Summary: memberof: bad a_numvals count
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.39
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2014-07-09 19:34 UTC by jsoula@univ-lille2.fr
Modified: 2014-12-11 00:59 UTC (History)

Description jsoula@univ-lille2.fr 2014-07-09 19:34:22 UTC
Full_Name: julien soula
Version: 2.4.39
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.254.117.28)


Hi,

this is related to ITS#6508. I don't think that the supplied patch is enough to
fix the bug.

When the last "member" entry is dangling then "( j - i == 1 )" is true and the
loop is broken without reducing a_numvals.

So I propose this patch :

--- servers/slapd/overlays/memberof.c.orig      2014-07-09 21:17:14.487296363
+0200
+++ servers/slapd/overlays/memberof.c   2014-07-09 21:31:44.071565223 +0200
@@ -596,6 +596,7 @@
                                                ber_memfree( a->a_nvals[ i
].bv_val );
                                                BER_BVZERO( &a->a_nvals[ i ] );
                                        }
+                                       a->a_numvals--;
                                        if ( j - i == 1 ) {
                                                break;
                                        }
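Review bot: the new `a->a_numvals--;` ahead of `if ( j - i == 1 )` can take the count to zero when the value being dropped is the only one left, and nothing in the visible lines handles an attribute that has no values after the `break`. Worth confirming that the code after the loop copes with (or removes) an attribute in that state, and adding a one-line comment that the count has to be adjusted before the early `break`, since that ordering is the whole fix.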
@@ -607,7 +608,6 @@
                                                        sizeof( struct berval )
* ( j - i ) );
                                        }
                                        i--;
-                                       a->a_numvals--;
                                }
                        }
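Review bot: the loop tail at `i--;` has no comment explaining that slot `i` is re-examined because it now holds the shifted value, or that `a_numvals` was already decremented above the `break`; add one so a later edit does not re-add the decrement here and count each dropped value twice. A test with a group whose final `member` value is dangling would also cover the `break` path, and the patch has none.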



Best regards,
Julien
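
The count mismatch described in the report above, as an added, simplified model (not OpenLDAP's code and not part of the original report). `struct attr`, `is_dangling`, `drop_dangling` and `count_matches` are hypothetical names, and the way `j` is computed is an assumption based on the `j - i == 1` test quoted in the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a slapd attribute: NULL-terminated values + count. */
struct attr { const char *vals[8]; unsigned numvals; };

/* Constructed rule for the demo: a value starting with '!' is dangling. */
static int is_dangling(const char *v) { return v[0] == '!'; }

/* Drop dangling values in place. fix == 0 decrements the count only after
 * the early break (as reported); fix == 1 decrements before it (the patch). */
void drop_dangling(struct attr *a, int fix)
{
    for (int i = 0; a->vals[i] != NULL; i++) {
        if (!is_dangling(a->vals[i]))
            continue;
        int j = i + 1;                 /* assumed: j ends on the terminator */
        while (a->vals[j] != NULL)
            j++;
        a->vals[i] = NULL;
        if (fix)
            a->numvals--;
        if (j - i == 1)
            break;                     /* last value dropped, nothing to shift */
        memmove(&a->vals[i], &a->vals[i + 1], sizeof(a->vals[0]) * (size_t)(j - i));
        i--;                           /* re-check the value shifted into slot i */
        if (!fix)
            a->numvals--;
    }
}

/* Invariant: numvals equals the number of values before the terminator. */
int count_matches(const struct attr *a)
{
    unsigned n = 0;
    while (a->vals[n] != NULL)
        n++;
    return n == a->numvals;
}

int main(void)
{
    /* Constructed input: the last member value is the dangling one. */
    struct attr unpatched = { { "cn=a", "cn=b", "!cn=gone", NULL }, 3 }, patched = unpatched;
    drop_dangling(&unpatched, 0);
    drop_dangling(&patched, 1);
    printf("unpatched: numvals=%u consistent=%d\n", unpatched.numvals, count_matches(&unpatched));
    printf("patched:   numvals=%u consistent=%d\n", patched.numvals, count_matches(&patched));
    return 0;
}
```

A dangling value in the middle of the list stays consistent in both variants, because that path reaches the decrement after the shift; only the trailing case takes the early `break`.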
Comment 1 Howard Chu 2014-07-09 20:08:53 UTC
jsoula@univ-lille2.fr wrote:
> Full_Name: julien soula
> Version: 2.4.39
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.254.117.28)
>
>
> Hi,
>
> this is related to ITS#6508. I don't think that the supplied patch is enough to
> fix the bug.
>
> When the last "member" entry is dangling then "( j - i == 1 )" is true and the
> loop is broken without reducing a_numvals.

Looks like you're right. Committed to master, thanks.
>
> So I propose this patch :
>
> --- servers/slapd/overlays/memberof.c.orig      2014-07-09 21:17:14.487296363
> +0200
> +++ servers/slapd/overlays/memberof.c   2014-07-09 21:31:44.071565223 +0200
> @@ -596,6 +596,7 @@
>                                                  ber_memfree( a->a_nvals[ i
> ].bv_val );
>                                                  BER_BVZERO( &a->a_nvals[ i ] );
>                                          }
> +                                       a->a_numvals--;
>                                          if ( j - i == 1 ) {
>                                                  break;
>                                          }
> @@ -607,7 +608,6 @@
>                                                          sizeof( struct berval )
> * ( j - i ) );
>                                          }
>                                          i--;
> -                                       a->a_numvals--;
>                                  }
>                          }
>
>
>
> Best regards,
> Julien
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 2 Howard Chu 2014-08-11 15:58:04 UTC
changed notes
changed state Open to Test
moved from Incoming to Software Bugs
Comment 3 OpenLDAP project 2014-12-11 00:59:52 UTC
fixed in master
fixed in RE25
fixed in RE24
Comment 4 Quanah Gibson-Mount 2014-12-11 00:59:52 UTC
changed notes
changed state Test to Closed