Re: (ITS#7012) Getting a core dump when TLSCertificateFile does not have an argument

> No, thanks.  The problem is that these specific statements do not
> prescribe a fixed number of arguments.  Moreover, the function that uses
> the value resets the field when passed a NULL argument.  If this behavior
> needs to be preserved, I have the right fix handy.  Otherwise it might
> need more work.

To be more specific: slapd's TLS configuration is registered without
enforcing a specific number of arguments.  This check is delegated to the
underlying calls to ldap_pvt_tls_set_option() performed by
config_tls_option().  This poses two problems:

- since the argument of these parameters is ARG_STRING, if no arg is
passed then ch_strdup() fails

- fixing this (by skipping ch_strdup() if argc == 1, for example) results
in calling ldap_pvt_tls_set_option with a NULL value, which is a perfectly
legitimate value (it means: clear any existing value), but it may not be
appropriate in this context.

Please advise whether the right fix is to skip ch_strdup() or to enforce a
requirement for argc == 2 for TLS-related fields.
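
A simplified model of the two fixes weighed in the message above, added here as an illustration; it is not OpenLDAP source and not part of the original message. The names `set_option`, `handle_skip_dup`, `handle_enforce_argc` and `current_cert`, and the certificate path, are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not OpenLDAP source: one stored TLS string option. */
static char *cert_file;

/* Stand-in for the option setter described above: NULL clears the value. */
static int set_option(const char *value) {
    char *copy = NULL;
    if (value != NULL) {
        size_t n = strlen(value) + 1;
        copy = malloc(n);
        if (copy == NULL) return -1;
        memcpy(copy, value, n);
    }
    free(cert_file);
    cert_file = copy;
    return 0;
}

/* Option 1: skip the copy when argc == 1 and hand NULL to the setter. */
static int handle_skip_dup(int argc, char **argv) {
    return set_option(argc > 1 ? argv[1] : NULL);
}

/* Option 2: reject the line unless it is exactly "<directive> <value>". */
static int handle_enforce_argc(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "%s: expected exactly one argument\n", argv[0]);
        return -1;
    }
    return set_option(argv[1]);
}

static const char *current_cert(void) { return cert_file; }

int main(void) {
    char *good[] = { "TLSCertificateFile", "/etc/ssl/server.pem" }; /* constructed */
    char *bare[] = { "TLSCertificateFile" };             /* value left out */

    handle_enforce_argc(2, good);
    int rc = handle_enforce_argc(1, bare);   /* rejected, value kept */
    printf("enforce: rc=%d cert=%s\n", rc, current_cert());
    rc = handle_skip_dup(1, bare);           /* accepted, value cleared */
    printf("skip:    rc=%d cert=%s\n", rc, current_cert() ? current_cert() : "(cleared)");
    return 0;
}
```

In this model both options avoid the crash, but only the argc check reports the malformed line; skipping the copy accepts it and drops the previously configured value without any diagnostic.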