parse_oid() can cause a core dump (ITS#3065)
Full_Name: Paul Kranenburg
Version: 2.2.7
OS: Solaris 9
URL:
Submission from: (NULL) (130.115.112.236)
In libldap/schema.c:parse_oid(), the pointer array `res' is allocated and initialized with 3 NULL pointers. If this array needs to be expanded (by calling LDAP_REALLOC), the additional trailing storage is not initialized, which may lead to problems when the array is freed later on, for instance by LDAP_FREE() a few lines down in the same routine, which is triggered if the oid list contains syntax errors.

Since the array is expanded by just one element at a time, adding a

    res1[size-1] = NULL;

should solve the problem.
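
The failure mode reported above, modelled as an added example (not OpenLDAP's code and not part of the original message): a NULL-terminated pointer array that grows by one slot, walked with and without the proposed `res1[size-1] = NULL`. The names `vec`, `grow_by_one`, `vec_push`, `vec_walk` and `demo`, the growth condition, and the 0xAA poison fill standing in for realloc's indeterminate tail are all assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of a NULL-terminated pointer array; not OpenLDAP code. */
struct vec { const char **v; size_t size, pos; };

/* realloc stand-in: the added slot is poisoned so the bug is deterministic. */
static const char **grow_by_one(const char **old, size_t old_size)
{
    const char **n = malloc((old_size + 1) * sizeof *n);
    if (n == NULL) return NULL;
    memcpy(n, old, old_size * sizeof *n);
    memset(&n[old_size], 0xAA, sizeof *n);
    free(old);
    return n;
}

/* Append item; fix != 0 applies the report's "res1[size-1] = NULL". */
static int vec_push(struct vec *a, const char *item, int fix)
{
    if (a->pos + 1 == a->size) {      /* only the terminator slot is left */
        const char **n = grow_by_one(a->v, a->size);
        if (n == NULL) return -1;
        a->v = n; a->size++;
        if (fix) a->v[a->size - 1] = NULL;
    }
    a->v[a->pos++] = item;
    return 0;
}

/* Entries before the NULL terminator, or -1 if none lies in the allocation. */
static long vec_walk(const struct vec *a)
{
    const char *null_ptr = NULL;
    for (size_t i = 0; i < a->size; i++)
        if (memcmp(&a->v[i], &null_ptr, sizeof null_ptr) == 0) return (long)i;
    return -1;
}

/* Push n constructed items into a zeroed 3-slot array, then walk it. */
static long demo(size_t n, int fix)
{
    struct vec a = { calloc(3, sizeof(char *)), 3, 0 };
    size_t i = 0;
    while (a.v != NULL && i < n && vec_push(&a, "1.2.3", fix) == 0) i++;
    long seen = (a.v != NULL && i == n) ? vec_walk(&a) : -2; /* -2: no memory */
    free(a.v);
    return seen;
}

int main(void) { return (demo(3, 1) == 3 && demo(3, 0) == -1) ? 0 : 1; }
```

A result of -1 means no terminator exists inside the allocation, which is the condition under which a free-until-NULL loop reads past the end of the array.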