[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd crashes if no such value (ITS#2827)

Full_Name: Masato Taruishi
Version: HEAD
OS: Debian GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


slaped craches if no such value in changetype: modify.
For example, in the following slapd.replog(5), 

dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
changetype: modify
delete: uniquemember
uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People,
o=University of Michigan, c=US
uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People,
o=Uni versity of Michigan, c=US

Say that the first attribute 'James' exists in the entry but 'Bjorn'
doesn't. In this case,  slapd crashes after logging no such value.

The reason is follows:

   According to mods.c, the first attribute 'James' is successfully
   deleted and &dummy is used to mark the attribute as old. But,
   because the second attribute doesn't exist, modify_delete_values()
   returns with NO_SUCH_ATTRIBUTE without cleaning &dummy pointer.

   Because dummy is allocated in stack, the slap_entry includes
   the outdate location (&dummy). So, slapd craches in attr_free(e);

The attached patch would fix this problem. This patch check if the 
slap_entry includes &dummy. If so, then modify_delete_values dosn't
return soon, but clean the slap_entry value at first.


Index: servers/slapd/mods.c
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/mods.c,v
retrieving revision 1.33
diff -u -r1.33 mods.c
--- servers/slapd/mods.c        10 Nov 2003 01:44:25 -0000      1.33
+++ servers/slapd/mods.c        13 Nov 2003 03:30:43 -0000
@@ -291,7 +291,7 @@
                                snprintf( textbuf, textlen,
                                        "%s: matching rule failed",
                                        mod->sm_desc->ad_cname.bv_val );
-                               goto return_results;
+                               break;

                        if ( match != 0 ) {
@@ -317,7 +317,11 @@
                                "modify/delete: %s: no such value",
                                mod->sm_desc->ad_cname.bv_val );
                        rc = LDAP_NO_SUCH_ATTRIBUTE;
-                       goto return_results;
+                       if ( i > 0 ) {
+                               break;
+                       } else {
+                               goto return_results;
+                       }