
(ITS#4450) Potential endless loop in libldap when chasing referrals



Full_Name: Pierangelo Masarati
Version: HEAD,re23,?
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


In libldap/request.c:ldap_chase_v3referrals() there's a piece of code I don't
quite understand, but I've experienced it running into an endless loop
when two different DNs for the same connection are requested:

                        for (lp = origreq; lp; ) {
                                if ( lp->lr_conn == lc ) {
                                        if ( len == lp->lr_dn.bv_len ) {
                                                if ( len && strncmp(
                                                        srv->lud_dn, lp->lr_dn.bv_val,
                                                        len ))
                                                        continue;
                                                looped = 1;
                                                break;
                                        }
                                }
                                if ( lp == origreq )
                                        lp = lp->lr_child;
                                else
                                        lp = lr->lr_refnext;
                        }

If the strncmp() returns != 0, lp is never changed.

I'm at a loss as to what would be a reasonable behavior in this case.  My guess
is that the "continue" originally referred to the outer loop.

p.
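
The control-flow problem reported above, reduced to a stand-alone added example (not part of the original post and not OpenLDAP code). The struct, function names and the MAX_STEPS guard are hypothetical, and the second function is only one possible restructuring, not the project's fix.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for the request chain (lr_conn, lr_dn, lr_refnext). */
struct req { int conn; const char *dn; struct req *next; };
#define MAX_STEPS 1000  /* guard so the demonstration terminates */

/* Same shape as the quoted loop: the advance step sits at the bottom of the
 * body, so 'continue' skips it. Returns 1 = loop found, 0 = none, -1 = stuck. */
int scan_as_posted(struct req *head, int conn, const char *dn)
{
    size_t len = strlen(dn);
    int steps = 0;
    for (struct req *lp = head; lp; ) {
        if (++steps > MAX_STEPS)
            return -1;                 /* cursor stopped making progress */
        if (lp->conn == conn) {
            if (len == strlen(lp->dn)) {
                if (len && strncmp(dn, lp->dn, len))
                    continue;          /* lp unchanged: same node again */
                return 1;
            }
        }
        lp = lp->next;
    }
    return 0;
}

/* Assumed restructuring: advance in the for header so every path moves on. */
int scan_advancing(struct req *head, int conn, const char *dn)
{
    size_t len = strlen(dn);
    for (struct req *lp = head; lp; lp = lp->next) {
        if (lp->conn != conn || len != strlen(lp->dn))
            continue;
        if (len == 0 || strncmp(dn, lp->dn, len) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    struct req r = {1, "dc=a", NULL};  /* constructed sample entry */
    printf("%d %d\n", scan_as_posted(&r, 1, "dc=b"), scan_advancing(&r, 1, "dc=b"));
    return 0;
}
```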