[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7012) Getting a core dump when TLSCertificateFile does not have an argument

masarati@aero.polimi.it wrote:
>> No, thanks.  The problem is that these specific statements do not
>> prescribe a fixed number of arguments.  Moreover, the function that uses
>> the value resets the field when passed a NULL argument.  If this behavior
>> needs to be preserved, I have the right fix handy.  Otherwise it might
>> need more work.
> To be more specific: slapd's TLS configuration is registered without
> enforcing a specific number of arguments.  This check is delegated to the
> underlying calls to ldap_pvt_tls_set_option() performed by
> config_tls_option().  This poses two problems:
> - since the argument of these parameters is ARG_STRING, if no arg is
> passed then ch_strdup() fails
> - fixing this (by skipping ch_strdup() if argc == 1, for example) results
> in calling ldap_pvt_tls_set_option with a NULL value, which is a perfectly
> legitimate value (it means: clear any existing value), but it may not be
> appropriate in this context.
> Please advise whether the right fix is skip ch_strdup(), or enforcing a
> requirement for argc == 2 for TLS-related fields.

I don't remember any particular reason why the argument count was omitted 
here. Looking back over release 2.2 I don't see any special provision for 
multiple arguments. I.e., it doesn't look like we need to accomodate longer 
argument lists here. And I don't see why we would want to NULL out any 
existing settings. Sounds like we should just require argc == 2.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/