[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldapsearch malloc bug
actually the same symptom can be found for the referral string also, when
you send a search request for which the ldap server sends a referral back,
if in the slapd.conf file you have a referral like
ldap://holmes:6001, it would only send back ldap://holmes:600 since i was
too busy trying to understand the referral, i didnt check on where the fault
is rather in my referral parameter i changed
it to ldap://holmes:6001/ and i get the return result as ldap://holmes:6001
By the way i had posted
a query on the functionality on referral to openldap-software, if anyone had
a look can you please answer or i guess i have to understand the rfc2251
better. Oh yeah! i am using the code under development which supports
referrals.
bye
bharat
----- Original Message -----
From: Howard Chu <hyc@highlandsun.com>
To: <openldap-devel@openldap.org>
Sent: Thursday, December 02, 1999 1:45 AM
Subject: ldapsearch malloc bug
> This problem arose in our Mingw32 port and took until now to figure out:
> In this snippet from ldapsearch.c:
>
> if( tmpdir == NULL
> && (tmpdir = getenv("TMPDIR")) == NULL
> && (tmpdir = getenv("TMP")) == NULL
> && (tmpdir = getenv("TEMP")) == NULL )
> {
> tmpdir = "/tmp";
> }
>
> if( urlpre == NULL ) {
> urlpre = malloc( sizeof("file:///") + strlen(tmpdir) );
>
> if( urlpre == NULL ) {
> perror( "malloc" );
> return EXIT_FAILURE;
> }
>
> sprintf( urlpre, "file:///%s/",
> tmpdir[0] == '/' ? &tmpdir[1] : tmpdir );
>
> /* urlpre should be URLized.... */
> }
>
> The buffer length for urlpre is potentially short by one byte. The sprintf
> drops the leading character if tmpdir[0] is a '/', so on Unix this buffer
> will usually be the correct length. But if the first character is kept,
then
> you get a buffer overrun. On NT we set TEMPDIR to e.g. "C:\tmp" so this
> buffer was always being overrun.
>
> It seems to me that either one more byte needs to be allocated, or the
> sprintf statement should be replaced with this:
> sprintf( urlpre, "file://%s/", tmpdir);
>
> Any preferences?
>
>