Re: sprintf segv in ldapsearch (ITS#274)
Thanks, I applied a fix to OPENLDAP_REL_ENG_1_2. Please test.
At 11:43 PM 8/25/99 GMT, you wrote:
>Try this for a segfault:
> ldapsearch 'any_attr=%1000000s'
>It comes from passing the search filter directly to sprintf at line
>354 of ldapsearch.c:
> static int dosearch(
>     LDAP *ld,
>     char *base,
>     int scope,
>     char **attrs,
>     int attrsonly,
>     char *filtpatt,
>     char *value)
>     char filter[ BUFSIZ ];
>     int rc, first, matches;
>     LDAPMessage *res, *e;
>     sprintf( filter, filtpatt, value );
>Now, few people are going to type in the search filter above, but I
>did run into problems searching for values which contained a '%'
>char. The man page states:
> -f file
> Read a series of lines from file, performing one
> LDAP search for each line. In this case, the fil-
> ter given on the command line is treated as a pat-
> tern where the first occurrence of %s is replaced
> with a line from file. If file is a single - char-
> acter, then the lines are read from standard input.
>I would interpret that to mean that if the -f flag is not set, then
>'%' should not be interpreted by sprintf.