
Re: parse_oid() can cause a core dump (ITS#3065)

I have fixed, I believe, this problem in HEAD.  Please test.


At 08:39 AM 4/7/2004, pk@cs.few.eur.nl wrote:
>Full_Name: Paul Kranenburg
>Version: 2.2.7
>OS: Solaris 9
>Submission from: (NULL) (
>In libldap/schema.c:parse_oid(), the pointer array `res' is allocated and
>with 3 NULL pointers. If this array needs to be expanded (by calling
>the additional trailing storage is not initialized, which may lead to problems
>when the array is freed later on, for instance by LDAP_FREE() a few lines
>in the same routine which is triggered if the oid list contains syntax errors.
>Since the array is expanded by just one element at a time, adding a
>    res1[size-1] = NULL;
>should solve the problem.
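
The pattern described in the report, as an added example that is not OpenLDAP's code and not the change committed to HEAD: a NULL-terminated pointer array grown one slot at a time, with the new trailing slot set to NULL so that an error path which walks the array until NULL stays in bounds. The names `parse_tokens` and `free_vec`, and the use of a leading `!` as a stand-in for a syntax error, are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Error-path cleanup: walks the array until the first NULL slot. */
static int free_vec(char **v)
{
    int n = 0;
    for (char **p = v; *p != NULL; p++, n++)
        free(*p);
    free(v);
    return n;
}

/* Copies each space-separated token of `in` into a NULL-terminated array.
 * A token starting with '!' is this example's stand-in for a syntax error:
 * the partial array is freed and NULL is returned. *count receives the
 * number of tokens stored (success) or freed (error). */
char **parse_tokens(const char *in, int *count)
{
    int size = 3, pos = 0;
    char **res = calloc(size, sizeof *res);   /* three NULL slots */
    if (res == NULL) return NULL;

    while (*in != '\0') {
        size_t len = strcspn(in, " ");
        if (len == 0) { in++; continue; }     /* skip separators */
        if (*in == '!') { *count = free_vec(res); return NULL; }
        if (pos == size - 1) {                /* only the terminator slot is left */
            char **res1 = realloc(res, (size + 1) * sizeof *res);
            if (res1 == NULL) { *count = free_vec(res); return NULL; }
            res = res1;
            size++;
            res[size - 1] = NULL;             /* realloc leaves the new slot indeterminate */
        }
        res[pos] = malloc(len + 1);
        if (res[pos] == NULL) { *count = free_vec(res); return NULL; }
        memcpy(res[pos], in, len);
        res[pos][len] = '\0';
        pos++;
        in += len;
    }
    *count = pos;
    return res;
}
```

Without the `res[size - 1] = NULL` line, the first error after an expansion makes `free_vec` read and free an indeterminate pointer; running a test input under AddressSanitizer or Valgrind shows the difference.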