[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_get_values_len(3) array not null terminated

The ldap_get_values_len(3) "returns a NULL-terminated array of pointers
to berval structures" but trying to access more than 2 elements returns
invalid memory. Specifically the val->bv_len in in the code below faults
because val is not a valid object. If I limit vi to less than 2 everything
works as expected.

I tried 2.2.29 on Fedora Core 3 and 2.2.13 on CentOS 4.

Am I doing something wrong?


  ldap = ldap_open("ts0.foo.net", LDAP_PORT);
  if (ldap) {
      int ret;
      int v3 = LDAP_VERSION3;

      if (ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_SUCCESS ||
                  ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &v3) != LDAP_SUCCESS){
          return -1;

      ret = ldap_simple_bind_s(ldap, "administrator@win.net", "bogus");
      if (ret == 0) { 
          LDAPMessage *entries, *entry; 
          int ei;

          ldap_search_s(ldap, "dc=foo,dc=net", LDAP_SCOPE_BASE, NULL, NULL, 0, &entries);

          entry = ldap_first_entry(ldap, entries);
          for (ei = 0; entry; ei++) { 
              BerElement *berptr;
              char *attr;

              attr = ldap_first_attribute(ldap, entry, &berptr);
              while (attr) {
                  struct berval **vals; 
                  int vi;

                  vals = ldap_get_values_len(ldap, entry, attr);
                  for (vi = 0; vals[vi]; vi++) { 
                      struct berval *val = vals[vi];
                      printf("%ld\n", val->bv_len); <======= HERE

                  attr = ldap_next_attribute(ldap, entry, berptr);