Issue 2390 - ldbm_back_exop_passwd tries to free uninitialized struct berval
Summary: ldbm_back_exop_passwd tries to free uninitialized struct berval
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-03-20 15:27 UTC by Ralf
Modified: 2014-08-01 21:06 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description Ralf 2003-03-20 15:27:49 UTC
Full_Name: Ralf Haferkamp
Version: 2.1.12, HEAD
OS: Linux 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.95.15.201)


If slap_passwd_parse returns something != LDAP_SUCCESS the code tries to free
ndn->bv_val but this might be uninitialized and the server segfaults. 
The following small patch should fix this problem:

--- servers/slapd/back-ldbm/passwd.c    2003/03/20 13:55:24     1.1
+++ servers/slapd/back-ldbm/passwd.c    2003/03/20 13:56:09
@@ -38,8 +38,8 @@
        struct berval id = { 0, NULL };
        struct berval new = { 0, NULL };
 
-       struct berval dn;
-       struct berval ndn;
+       struct berval dn = { 0, NULL };
+       struct berval ndn = { 0, NULL };
 
        assert( reqoid != NULL );
        assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

Comment 1 Howard Chu 2003-03-22 15:26:57 UTC
changed notes
changed state Open to Test
moved from Incoming to Software Bugs
Comment 2 Kurt Zeilenga 2003-03-22 15:33:32 UTC
Fixed in HEAD, please test.  Thanks, Kurt

At 07:27 AM 3/20/2003, rhafer@suse.de wrote:
>Full_Name: Ralf Haferkamp
>Version: 2.1.12, HEAD
>OS: Linux 
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (213.95.15.201)
>
>
>If slap_passwd_parse returns something != LDAP_SUCCESS the code tries to free
>ndn->bv_val but this might be uninitialized and the server segfaults. 
>The following small patch should fix this problem:
>
>--- servers/slapd/back-ldbm/passwd.c    2003/03/20 13:55:24     1.1
>+++ servers/slapd/back-ldbm/passwd.c    2003/03/20 13:56:09
>@@ -38,8 +38,8 @@
>        struct berval id = { 0, NULL };
>        struct berval new = { 0, NULL };
> 
>-       struct berval dn;
>-       struct berval ndn;
>+       struct berval dn = { 0, NULL };
>+       struct berval ndn = { 0, NULL };
> 
>        assert( reqoid != NULL );
>        assert( strcmp( LDAP_EXOP_MODIFY_PASSWD, reqoid ) == 0 );

Comment 3 Kurt Zeilenga 2003-03-24 04:16:51 UTC
changed notes
changed state Test to Release
Comment 4 Ralf 2003-03-24 14:02:17 UTC
Hi,

Works for me now.

On Sat, Mar 22, 2003 at 03:35:43PM +0000, Kurt D. Zeilenga wrote:
> Fixed in HEAD, please test.  Thanks, Kurt

-- 
Thanks,
    Ralf

Comment 5 Kurt Zeilenga 2003-04-04 23:22:47 UTC
changed notes
changed state Release to Closed
Comment 6 Howard Chu 2006-06-11 08:55:14 UTC
moved from Software Bugs to Archive.Software Bugs
Comment 7 OpenLDAP project 2014-08-01 21:06:27 UTC
fixed in HEAD
fixed in re21