
parse_oid() can cause a core dump (ITS#3065)



Full_Name: Paul Kranenburg
Version: 2.2.7
OS: Solaris 9
URL: 
Submission from: (NULL) (130.115.112.236)


In libldap/schema.c:parse_oid(), the pointer array `res' is allocated and
initialized with 3 NULL pointers. If this array needs to be expanded (by
calling LDAP_REALLOC), the additional trailing storage is not initialized,
which may lead to problems when the array is freed later on, for instance by
LDAP_FREE() a few lines down in the same routine, which is triggered if the
oid list contains syntax errors.

Since the array is expanded by just one element at a time, adding a

    res1[size-1] = NULL;

should solve the problem.
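
The growth pattern described in the report, as an added example that is not part of the original submission and is not libldap code. The `strvec` type, its functions and the sample OID strings are hypothetical; the point is the one-slot realloc followed by an explicit NULL store so that cleanup on the error path stops at a valid terminator.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libldap code: a NULL-terminated string vector that
 * starts with 3 NULL slots and grows one slot at a time, as in the report. */
struct strvec { char **v; size_t size, used; };

static int strvec_init(struct strvec *s) {
    s->size = 3; s->used = 0;
    s->v = calloc(s->size, sizeof(*s->v));  /* every slot starts as NULL */
    return s->v ? 0 : -1;
}

/* Append a copy of str; v[used] stays NULL as the terminator. */
static int strvec_add(struct strvec *s, const char *str) {
    char *copy = malloc(strlen(str) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, str);
    if (s->used + 1 == s->size) {           /* only the terminator slot is left */
        char **res1 = realloc(s->v, (s->size + 1) * sizeof(*res1));
        if (res1 == NULL) { free(copy); return -1; }  /* old block still valid */
        s->v = res1;
        s->size++;
        s->v[s->size - 1] = NULL;           /* realloc leaves the new slot indeterminate */
    }
    s->v[s->used++] = copy;
    return 0;
}

/* Error-path cleanup: frees entries up to the NULL terminator, so it is only
 * safe if the terminator slot was initialized. Returns the count freed. */
static size_t strvec_free(struct strvec *s) {
    size_t n = 0;
    for (char **p = s->v; p && *p; p++, n++)
        free(*p);
    free(s->v);
    s->v = NULL;
    return n;
}

int main(void) {
    struct strvec s;
    const char *oids[] = { "1.1", "2.2", "3.3", "4.4" };  /* constructed sample */
    if (strvec_init(&s) != 0) return 1;
    for (size_t i = 0; i < 4; i++)
        if (strvec_add(&s, oids[i]) != 0) break;
    return strvec_free(&s) == 4 ? 0 : 1;
}
```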