slapd crash when db suffix is "" (ITS#42)
Full_Name: Brad Rubenstein
Version: stable-981231
OS: Solaris 5.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (208.168.16.140)
slapd crashes on search when the database suffix is "" in slapd.conf
(I wanted the database to contain the entire universe, with no referrals,
and I expected that a base of "" would do it).
crash is caused by a garbage argument to free in
servers/slapd/back-ldbm/search.c line 122.
In ldbm_back_search "matched" is set to stack garbage at line 52, and, if
candidates == NULL, free(matched) is called and crashes. This is because
subtree_candidates only sets the value of "matched" if base is not "". It seems
hard to guarantee that matched will be initialized by the various subroutine
calls made by ldbm_back_search, so perhaps it should be set to NULL at the top...
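
The pattern described in the report above, as an added C example that is not part of the original message and is not OpenLDAP's code: an out-parameter that the callee fills in only for a non-empty base, next to the initialize-to-NULL fix. The names lookup_candidates, search_unsafe and search_safe are hypothetical stand-ins, and the lookup is assumed to find no candidates.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the candidate lookup: as in the report, it
 * writes *matched only when base is not "". Always finds 0 candidates. */
static int lookup_candidates(const char *base, char **matched)
{
    if (base[0] != '\0') {
        *matched = malloc(strlen(base) + 1);    /* caller must free */
        if (*matched != NULL)
            strcpy(*matched, base);
    }
    return 0;
}

/* Pattern from the report: matched is never initialized, so with base ""
 * free() is handed stack garbage. Kept for contrast; never called. */
int search_unsafe(const char *base)
{
    char *matched;                              /* indeterminate value */
    if (lookup_candidates(base, &matched) == 0) {
        free(matched);                          /* undefined for base "" */
        return -1;
    }
    free(matched);
    return 0;
}

/* Fix suggested in the report: set matched to NULL at the top.
 * Returns 1 if the callee filled in matched, 0 if it left it alone. */
int search_safe(const char *base)
{
    char *matched = NULL;
    int found = lookup_candidates(base, &matched);
    int was_set = (matched != NULL);
    (void)found;                                /* no candidates in this demo */
    free(matched);                              /* free(NULL) is a no-op */
    return was_set;
}

int main(void)
{
    printf("base \"\"          -> matched set: %d\n", search_safe(""));
    printf("base \"o=example\" -> matched set: %d\n", search_safe("o=example"));
    return 0;
}
```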