
Re: (ITS#5931) back-meta crashes with syncrepl data



Pierangelo Masarati wrote:
> ----- "Howard Chu"<hyc@symas.com> wrote:
>
>> ando@sys-net.it wrote:
>>> I'm trying to modify the code in order to compute the size of the
>>> SearchResultEntry portion of the message, but again, in some cases, the
>>> size is computed incorrectly: the computed length is 4 octets shorter
>>> than what's actually in the packet.
>>>
>>> One issue seems to be related to the fact that when ber_skip_tag()
>>> checks if the length it's computed fits in the ber by calling
>>> ber_pvt_ber_remaining(), it doesn't count that earlier calls to
>>> ber_read() moved the ber_ptr forward.  The original ber_ptr should be saved.
>>
>> This sounds wrong; the bytes that ber_read() advanced comprise the length
>> bytes, but they're not included in the total that the length is counting.
>> Therefore they should not be accounted for here.
>
> But without this fix ber_scanf("l") LBER_ERROR was failing because
> ber_pvt_ber_remaining(), which is actually ber_end - ber_ptr, is shorter
> than *len by the bytes that the ber_reads are advancing.  Feel free to back
> this out, if you're sure it's incorrect.  I'll recheck the syncrepl over
> back-meta.

Pretty sure. Notice ber_first_element: *last = ber->ber_ptr + *len;
All of this has been working for quite a long time...

I'll play with this code some with the decode change backed out.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
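
The length accounting discussed in this thread, as an added stand-alone example that is not from the thread or from liblber: a BER definite length counts content octets only, so the bounds check belongs after the tag and length octets have been consumed. `ber_header()`, `loose_check_accepts()` and the sample messages are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not liblber: parse one single-octet BER tag and a
 * definite length at buf[0..n). On success returns 0, sets *hdr to the number
 * of tag+length octets and *len to the content length. Returns -1 on
 * malformed or truncated input. */
static int ber_header(const unsigned char *buf, size_t n, size_t *hdr, size_t *len)
{
    size_t pos = 0, l = 0;
    if (n < 2) return -1;
    if ((buf[pos++] & 0x1f) == 0x1f) return -1;   /* multi-octet tags not handled */
    unsigned char b = buf[pos++];
    if (b & 0x80) {                               /* long form: b & 0x7f length octets follow */
        size_t k = b & 0x7f;
        if (k == 0 || k > sizeof(size_t) || k > n - pos) return -1;
        while (k--) l = (l << 8) | buf[pos++];
    } else {
        l = b;                                    /* short form */
    }
    /* Compare with what is left AFTER the header (end - current pointer):
     * the encoded length does not include the tag and length octets. */
    if (l > n - pos) return -1;
    *hdr = pos;
    *len = l;
    return 0;
}

/* The same comparison made from the start of the element (header included).
 * It over-estimates the available content by the header size. */
static int loose_check_accepts(size_t n, size_t len) { return len <= n; }

/* Constructed samples: SEQUENCE with long-form length 0x82 0x00 0x05. */
static const unsigned char ok_msg[]  = {0x30, 0x82, 0x00, 0x05, 1, 2, 3, 4, 5};
static const unsigned char cut_msg[] = {0x30, 0x82, 0x00, 0x05, 1, 2, 3}; /* 2 content octets missing */

int main(void)
{
    size_t hdr = 0, len = 0;
    printf("complete:  rc=%d\n", ber_header(ok_msg, sizeof ok_msg, &hdr, &len));
    printf("truncated: rc=%d loose=%d\n",
           ber_header(cut_msg, sizeof cut_msg, &hdr, &len),
           loose_check_accepts(sizeof cut_msg, 5));
    return 0;
}
```

On the truncated sample the check against the post-header remainder rejects the element, while the check that counts the header octets as available would accept it and let a reader run two octets past the buffer.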