OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Archive.Software Bugs/2390
Full headers

From: rhafer@suse.de
Subject: ldbm_back_exop_passwd tries to free uninitialized struct berval
 Compose comment
Download message
State:
0 replies:
2 followups: 1 2

Major security issue: yes  no

Notes:

Notification: 


Date: Thu, 20 Mar 2003 15:27:49 GMT
From: rhafer@suse.de
To: openldap-its@OpenLDAP.org
Subject: ldbm_back_exop_passwd tries to free uninitialized struct berval

Full_Name: Ralf Haferkamp
Version: 2.1.12, HEAD
OS: Linux 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.95.15.201)


If slap_passwd_parse returns something != LDAP_SUCCESS the code tries to free
ndn->bv_val but this might be uninitialized and the server segfaults. 
The following small patch should fix this problem:

--- servers/slapd/back-ldbm/passwd.c    2003/03/20 13:55:24     1.1
+++ servers/slapd/back-ldbm/passwd.c    2003/03/20 13:56:09
@@ -38,8 +38,8 @@
        struct berval id = { 0, NULL };
        struct berval new = { 0, NULL };
 
-       struct berval dn;
-       struct berval ndn;
+       struct berval dn = { 0, NULL };
+       struct berval ndn = { 0, NULL };
 
        assert( reqoid != NULL );
        assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

Followup 1

Download message
Date: Sat, 22 Mar 2003 07:33:32 -0800
To: rhafer@suse.de
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: ldbm_back_exop_passwd tries to free uninitialized struct
  berval (ITS#2390)
Cc: openldap-its@OpenLDAP.org

Fixed in HEAD, please test.  Thanks, Kurt

At 07:27 AM 3/20/2003, rhafer@suse.de wrote:
>Full_Name: Ralf Haferkamp
>Version: 2.1.12, HEAD
>OS: Linux 
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (213.95.15.201)
>
>
>If slap_passwd_parse returns something != LDAP_SUCCESS the code tries to
free
>ndn->bv_val but this might be uninitialized and the server segfaults. 
>The following small patch should fix this problem:
>
>--- servers/slapd/back-ldbm/passwd.c    2003/03/20 13:55:24     1.1
>+++ servers/slapd/back-ldbm/passwd.c    2003/03/20 13:56:09
>@@ -38,8 +38,8 @@
>        struct berval id = { 0, NULL };
>        struct berval new = { 0, NULL };
> 
>-       struct berval dn;
>-       struct berval ndn;
>+       struct berval dn = { 0, NULL };
>+       struct berval ndn = { 0, NULL };
> 
>        assert( reqoid != NULL );
>        assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

Followup 2

Download message
Date: Mon, 24 Mar 2003 15:02:17 +0100
From: Ralf Haferkamp <rhafer@suse.de>
To: openldap-its@OpenLDAP.org
Subject: Re: ldbm_back_exop_passwd tries to free uninitialized struct berval (ITS#2390)

Hi,

Works for me now.

On Sat, Mar 22, 2003 at 03:35:43PM +0000, Kurt D. Zeilenga wrote:
> Fixed in HEAD, please test.  Thanks, Kurt

-- 
Thanks,
    Ralf
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2009, OpenLDAP Foundation, info@OpenLDAP.org