Re: parse_oid() can cause a core dump (ITS#3065)
I have fixed, I believe, this problem in HEAD. Please test.
At 08:39 AM 4/7/2004, firstname.lastname@example.org wrote:
>Full_Name: Paul Kranenburg
>OS: Solaris 9
>Submission from: (NULL) (18.104.22.168)
>In libldap/schema.c:parse_oid(), the pointer array `res' is allocated and
>with 3 NULL pointers. If this array needs to be expanded (by calling
>the additional trailing storage is not initialized, which may lead to problems
>when the array is freed later on, for instance by LDAP_FREE() a few lines
>in the same routine which is triggered if the oid list contains syntax errors.
>Since the array is expanded by just one element at a time, adding a
> res1[size-1] = NULL;
>should solve the problem.
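The pattern the report describes, as an added example that is not code from libldap or from either poster: a NULL-terminated pointer array that grows one slot at a time and sets the new slot to NULL after realloc(), so a free routine that walks to the terminator stays in bounds. The names strv, strv_init, strv_append and strv_free are hypothetical, and the OID strings are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical NULL-terminated string vector (illustrative names). */
struct strv {
    char **items;  /* invariant: items[used] == NULL */
    size_t size;   /* allocated slots */
    size_t used;   /* strings stored */
};

int strv_init(struct strv *v) {
    v->size = 3;
    v->used = 0;
    v->items = calloc(v->size, sizeof(char *)); /* every slot starts NULL */
    return v->items ? 0 : -1;
}

int strv_append(struct strv *v, const char *s) {
    char *copy = malloc(strlen(s) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, s);
    if (v->used + 1 >= v->size) { /* no room for string plus terminator */
        char **grown = realloc(v->items, (v->size + 1) * sizeof(char *));
        if (grown == NULL) { free(copy); return -1; }
        v->items = grown;
        v->size++;
        /* realloc() does not clear the added slot; terminate explicitly. */
        v->items[v->size - 1] = NULL;
    }
    v->items[v->used++] = copy;
    return 0;
}

/* Frees entries up to the terminator; returns how many were freed. */
size_t strv_free(struct strv *v) {
    size_t n = 0;
    while (v->items[n] != NULL) free(v->items[n++]);
    free(v->items);
    v->items = NULL;
    return n;
}

int main(void) {
    const char *oids[] = { "2.5.4.3", "2.5.4.4", "2.5.4.10", "2.5.4.11" }; /* constructed */
    struct strv v;
    if (strv_init(&v) != 0) return 1;
    for (size_t i = 0; i < 4; i++)
        if (strv_append(&v, oids[i]) != 0) return 1;
    printf("freed %zu entries\n", strv_free(&v));
    return 0;
}
```

Without the explicit assignment after realloc(), items[used] holds an indeterminate value once the array has grown, and the walk in strv_free() would pass that value to free() or read past the allocation.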