[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5315) Crash in ldap_parse_page_control

To: openldap-its@OpenLDAP.org
Subject: (ITS#5315) Crash in ldap_parse_page_control
From: rhafer@suse.de
Date: Wed, 9 Jan 2008 12:20:49 GMT

Full_Name: Ralf Haferkamp
Version: RE24, HEAD
OS: any
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (85.8.71.175)


Applications using ldap_parse_page_control (e.g. nss_ldap) might crash. valgrind
reports this:

==21971== Invalid write of size 8
==21971==    at 0x5BDFF04: ldap_parse_page_control (pagectrl.c:263)
==21971==    by 0x599F170: do_result (ldap-nss.c:2511)
==21971==    by 0x599F289: do_parse (ldap-nss.c:2844)
==21971==    by 0x59A0245: _nss_ldap_getent_ex (ldap-nss.c:3413)
[..]
==21971==  Address 0x51fad38 is 0 bytes after a block of size 8 alloc'd
==21971==    at 0x4C2460E: malloc (in
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==21971==    by 0x5E0652C: ber_memalloc_x (memory.c:226)
==21971==    by 0x5BDFEEB: ldap_parse_page_control (pagectrl.c:259)
==21971==    by 0x599F170: do_result (ldap-nss.c:2511)
==21971==    by 0x599F289: do_parse (ldap-nss.c:2844)
==21971==    by 0x59A0245: _nss_ldap_getent_ex (ldap-nss.c:3413)
[..]

Fix is on the way to HEAD.

Prev by Date: Re: (ITS#5312) ldapmodify(1) man page claims that "changetype:" not necessary
Next by Date: Re: (ITS#5312) ldapmodify(1) man page claims that "changetype:" not necessary
Index(es):
- Chronological
- Thread