
Buglets in "clients/ud/main.c" (ITS#1140)



Full_Name: David Lee
Version: 2.0.7
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.82.103.75)


As a newcomer, trying to get an OpenLDAP 2.0.7 service developed, I got a
couple of segmentation violations from the "ud" program.  The patch below
fixes them: 

========================== snip =====================
--- main.c.orig Wed Sep 13 21:19:45 2000
+++ main.c      Fri May  4 14:43:39 2001
@@ -394,6 +394,10 @@
                        return;
                }
                cp = strchr(*base, '=');
+               if (cp == NULL) {
+                       printf("  No '=' in base %s\n", base);
+                       return;
+               }
                cp++;
                /*
                 *  If there isn't a second "=" in the base, then this was
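Review bot: the new message `printf("  No '=' in base %s\n", base);` passes `base` to `%s`, but the line just above dereferences it as `*base` in `strchr(*base, '=')`, so `base` is a `char **` here and `%s` will print garbage or fault; use `*base` (and if `*base` can be NULL at this point, print a placeholder instead).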
@@ -529,6 +533,10 @@
                if (vrfy(s)) {
                        StrFreeDup(base, s);
                        printbase(output_string, *base);
+                       return;
+               }
+               if (*base == NULL) {
+                       printf("  No current base for %s\n", s);
                        return;
                }
                /* was it a RDN relative to the current base? */
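Review bot: the `*base == NULL` guard sits correctly before the relative-RDN path that goes on to use `*base`, and its message matches the wording of the first hunk. A one-line comment above the check (e.g. `/* no current base: nothing for an RDN to be relative to */`) would tell the next reader why a syntactically valid RDN is rejected here rather than treated as an absolute base.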
========================== snip =====================
The lower fixes a problem when duff input such as "cb xyz" is given (with
a default root directory, so *base was NULL). 

The upper fixes a problem when a base without an "=" has somehow got
established (which probably "Shouldn't Happen"(TM), but read on...) 

There is also another problem which I am totally unqualified to attempt
to fix.  The code from around line 406 is:

========================== snip =====================
                if ((cp = strchr(cp, '=')) == NULL)
                        StrFreeDup(base, NULL);
                else {
                        /*
                         *  Back up to the start of this
                         *
                         *      attr=value
                         *
                         *  sequence now that 'cp' is pointing to the '='.
                         */
                        while(!isspace((unsigned char)*cp))
                                cp--;
                        cp++;
========================== snip =====================

This is fine if the string was, for example, "dc=thing1, dc=thing2".
But it doesn't handle the supposedly equivalent "dc=thing1,dc=thing2" 
(i.e. without the space). 

[I think this might have led to my getting the peculiar value for "base"
mentioned earlier, possibly as the "cp--" backed up into unrelated data.]
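An added example (not OpenLDAP's code) that isolates the back-up loop quoted above: `last_rdn_unsafe` reproduces that logic, returning NULL where the original would read before the start of the buffer, and `last_rdn` is one way to back up that treats ',' as a separator as well as whitespace and never passes the start of the string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Quoted ud/main.c logic: from the '=' of the last component, back up
 * until whitespace is found. With "a=b,c=d" (no space after the comma)
 * there is no whitespace to stop on, so the loop walks before the
 * buffer; this model returns NULL at that point instead of underrunning. */
static const char *last_rdn_unsafe(const char *dn)
{
    const char *cp = strrchr(dn, '=');
    if (cp == NULL)
        return NULL;
    while (!isspace((unsigned char)*cp)) {
        if (cp == dn)
            return NULL;   /* original would read dn[-1] here */
        cp--;
    }
    return cp + 1;
}

/* Hardened version: stop at the buffer start, at a ',' separator or at
 * whitespace, so "dc=thing1,dc=thing2" and "dc=thing1, dc=thing2" both
 * yield "dc=thing2", and a single-component DN yields itself. */
static const char *last_rdn(const char *dn)
{
    const char *cp = strrchr(dn, '=');
    if (cp == NULL)
        return NULL;       /* no attr=value at all: caller must handle */
    while (cp > dn && cp[-1] != ',' && !isspace((unsigned char)cp[-1]))
        cp--;
    return cp;
}

int main(void)
{
    /* constructed sample inputs */
    const char *spaced = "dc=thing1, dc=thing2";
    const char *tight  = "dc=thing1,dc=thing2";
    const char *r = last_rdn_unsafe(tight);
    printf("unsafe on \"%s\": %s\n", tight, r ? r : "(would underrun)");
    printf("safe   on \"%s\": %s\n", tight, last_rdn(tight));
    printf("safe   on \"%s\": %s\n", spaced, last_rdn(spaced));
    return 0;
}
```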