
Re: sprintf segv in ldapsearch (ITS#274)

Thanks, I applied a fix to OPENLDAP_REL_ENG_1_2.  Please test.

At 11:43 PM 8/25/99 GMT, you wrote:
>Try this for a segfault:
>    ldapsearch 'any_attr=%1000000s'
>It comes from passing the search filter directly to sprintf at line
>354 of ldapsearch.c:
>    static int dosearch(
>        LDAP        *ld,
>        char        *base,
>        int         scope,
>        char        **attrs,
>        int         attrsonly,
>        char        *filtpatt,
>        char        *value)
>    {
>        char                filter[ BUFSIZ ];
>        int                 rc, first, matches;
>        LDAPMessage         *res, *e;
>        sprintf( filter, filtpatt, value );
>        ...
>Now, few people are going to type in the search filter above, but I
>did run into problems searching for values which contained a '%'
>char.  The man page states:
>       -f file
>              Read a series of lines from  file,  performing  one
>              LDAP  search for each line.  In this case, the fil-
>              ter given on the command line is treated as a  pat-
>              tern  where  the first occurrence of %s is replaced
>              with a line from file.  If file is a single - char-
>              acter, then the lines are read from standard input.
>I would interpret that to mean that if the -f flag is not set, then
>'%' should not be interpreted by sprintf.
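As an added example, not OpenLDAP's code and not the fix applied to OPENLDAP_REL_ENG_1_2: a filter-building routine that follows the interpretation above, copying the filter literally when no -f value is present and otherwise expanding only the first %s through a constant format string with a length check, so user text never reaches sprintf as a format. The names build_filter and filter_is are assumed here.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not OpenLDAP's code. The user-supplied filter is never used
 * as a printf format: without a -f value (value == NULL) it is copied
 * literally, so '%' is just '%'; with a value, only the first "%s" in the
 * pattern is expanded, through a fixed format, with a length check.
 * Returns 0 on success, -1 if the result would not fit in out. */
static int build_filter(char *out, size_t outsz,
                        const char *filtpatt, const char *value)
{
    const char *p = (value != NULL) ? strstr(filtpatt, "%s") : NULL;
    int n;

    if (p == NULL) {
        /* literal copy, no format interpretation at all */
        n = snprintf(out, outsz, "%s", filtpatt);
    } else {
        /* prefix before "%s", the value, then the rest of the pattern;
         * the format string itself is a trusted constant */
        n = snprintf(out, outsz, "%.*s%s%s",
                     (int)(p - filtpatt), filtpatt, value, p + 2);
    }
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Hypothetical check helper: 1 if building into a buffer of outsz bytes
 * succeeds and yields exactly expect, 0 otherwise. */
static int filter_is(size_t outsz, const char *filtpatt, const char *value,
                     const char *expect)
{
    char buf[BUFSIZ];
    if (outsz > sizeof buf) return 0;
    if (build_filter(buf, outsz, filtpatt, value) != 0) return 0;
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    /* the crash filter from the report is now an 18-byte literal string */
    printf("%d\n", filter_is(64, "any_attr=%1000000s", NULL, "any_attr=%1000000s"));
    /* a '%' inside a searched value survives pattern expansion */
    printf("%d\n", filter_is(64, "cn=%s", "50%off", "cn=50%off"));
    /* an oversized result is refused instead of overflowing the buffer */
    printf("%d\n", filter_is(8, "cn=%s", "a value that is too long", ""));
    return 0;
}
```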