
numericStringNormalize easily asserts (ITS#656)

My OpenLDAP 2.0 slapd was core dumping in numericStringNormalize() in
servers/slapd/schema_init.c. The code points "char *p" and "char *q" to
the string, then reads it with "p" and recopies it at "q". If "p" 
sees a space, it jumps ahead without copying or advancing "q". 

If there are any spaces in the string, p will get ahead of q. After the
copy, there are 3 assert()'s, and the third one, assert( p <= q ), will
hit. Although none of these assert()'s should ever hit, the logic of
that one is backwards. It should check q <= p. The $0.10 patch for version
1.64 of the file is:

--- schema_init.cold    Fri Aug 11 09:20:11 2000
+++ schema_init.c       Fri Aug 11 09:21:40 2000
@@ -419,7 +419,7 @@
        assert( *newval->bv_val );
        assert( newval->bv_val < p );
-       assert( p <= q );
+       assert( q <= p );
        /* cannot start with a space */
        assert( !ldap_utf8_isspace(newval->bv_val) );
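
Review bot: at the changed line, a short comment stating the invariant (q is the write pointer and never passes the read pointer p) would keep the comparison from being flipped again. Separately, assert( *newval->bv_val ) and assert( newval->bv_val < p ) abort slapd if the normalized value ends up empty. Whether an all-space value can reach this point is not visible in the hunk, so it is worth confirming that case is rejected earlier with an error return instead of relying on assert().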

  -Mark Adamson
   Carnegie Mellon
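
The two-cursor copy described in this message, as an added C example that is not part of the original post and not OpenLDAP's code. The name `compact_spaces`, the result struct, and the use of ASCII `isspace` in place of `ldap_utf8_isspace` are assumptions.

```c
#include <assert.h>
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the loop described above; not OpenLDAP code. */
struct compact_result {
    size_t read;     /* bytes consumed by the read cursor p */
    size_t written;  /* bytes kept by the write cursor q */
};

/* Strip ASCII whitespace from buf in place (assumption: the real routine
 * uses ldap_utf8_isspace). Returns 0, or -1 if no characters remain. */
static int compact_spaces(char *buf, struct compact_result *out)
{
    char *p = buf;   /* read cursor: visits every input byte */
    char *q = buf;   /* write cursor: advances only when a byte is kept */

    while (*p != '\0') {
        if (isspace((unsigned char)*p))
            p++;             /* skip: p moves ahead, q stays put */
        else
            *q++ = *p++;     /* keep: both cursors advance */
        /* The writer never passes the reader. The reversed form,
         * p <= q, stops holding after the first skipped byte. */
        assert(q <= p);
    }
    *q = '\0';
    out->read = (size_t)(p - buf);
    out->written = (size_t)(q - buf);

    /* An empty result comes from the input, not from a programming
     * error, so it is reported to the caller instead of asserted. */
    return out->written == 0 ? -1 : 0;
}

int main(void)
{
    char value[] = "123 456 7";   /* constructed sample input */
    struct compact_result r;
    int rc = compact_spaces(value, &r);

    printf("rc=%d value=\"%s\" read=%zu written=%zu\n",
           rc, value, r.read, r.written);
    return 0;
}
```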