servers/slapd/back-shell/result.c realloc bug (ITS#506)
Full_Name: Mei-Hui Su
Version: 1.2.(7,9,10) and dev tree
OS: solaris
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.9.64.206)
> We found a bug in servers/slapd/back-shell/result.c in 1.2.9 and
>also in 1.2.7 and the development tree. What happens is that when
>buf got 'reallocated', the bp (the buf place pointer) did not get
>moved. This will lead to memory corruption and seg faults. This is
>the patch for it,
diff -u /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
result.c
--- /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
Fri Apr 14 11:31:36 2000
+++ result.c Mon Nov 16 15:24:31 1998
@@ -21,7 +21,7 @@
int attrsonly
)
{
- int bsize, len, offset;
+ int bsize, len;
char *buf, *bp;
char line[BUFSIZ];
Entry *e;
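Review bot: The diff is reversed. The `---` side (the OpenLDAP-1.2.7-globus copy, dated Apr 14 2000) is the one that declares `offset`, and the `+++` side is the older `result.c`, so applied as posted this hunk drops the `offset` declaration that the fix needs. Regenerate it with the two file arguments swapped (original first, fixed copy second), or apply it with `patch -R`.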
@@ -43,9 +43,7 @@
len = strlen( line );
while ( bp + len - buf > bsize ) {
bsize += BUFSIZ;
- offset = (int) (bp - buf);
buf = (char *) ch_realloc( buf, bsize );
- bp = buf + offset;
}
strcpy( bp, line );
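Review bot: The loop test `bp + len - buf > bsize` leaves no room for the terminating NUL that `strcpy( bp, line )` writes. When `bp + len - buf` equals `bsize`, the loop does not grow the buffer and the NUL lands one byte past the `bsize` bytes requested from `ch_realloc`; testing `bp + len + 1 - buf > bsize` would close that. Separately, `offset = (int) (bp - buf)` narrows a pointer difference to `int`; declaring `offset` as `ptrdiff_t` or `size_t` avoids the cast. As in the first hunk, the `-` lines here are the fix, because the diff was generated in the reverse direction.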
> We have already double checked the other back-X directory in
>1.2.7 and 1.2.9 and development tree. back-ldbm's search.c got
>it correctly. But in the development tree's servers/slapd/back-tcl's
>tcl_modify.c(1) and tcl_util.c(2), there are similar problems.
>
>mei
bp += len;
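The pattern the report describes, as an added C example (not OpenLDAP code; `linebuf`, `linebuf_append` and `linebuf_demo` are hypothetical names): the write position is kept as an offset rather than a pointer, so a `realloc()` that moves the block cannot leave it stale, and the size check reserves room for the terminating NUL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer: tracks the write position as an
 * offset, so it stays valid when realloc() moves the block. */
struct linebuf {
    char  *buf;   /* start of allocation */
    size_t size;  /* bytes allocated */
    size_t used;  /* bytes written, excluding the trailing NUL */
};

/* Append one line; returns 0 on success, -1 on allocation failure. */
int linebuf_append(struct linebuf *lb, const char *line)
{
    size_t len = strlen(line);

    /* Need room for the line plus its NUL terminator. */
    while (lb->used + len + 1 > lb->size) {
        size_t nsize = lb->size + BUFSIZ;
        char *nbuf = realloc(lb->buf, nsize);
        if (nbuf == NULL)
            return -1;          /* old block is still valid */
        lb->buf = nbuf;         /* block may have moved */
        lb->size = nsize;
    }
    memcpy(lb->buf + lb->used, line, len + 1);
    lb->used += len;
    return 0;
}

/* Constructed input: append n copies of a 100-byte line, forcing
 * several reallocations; returns the final length or 0 on failure. */
size_t linebuf_demo(int n)
{
    struct linebuf lb = { NULL, 0, 0 };
    char line[101];
    size_t total;

    memset(line, 'a', 99);
    line[99] = '\n';
    line[100] = '\0';
    for (int i = 0; i < n; i++)
        if (linebuf_append(&lb, line) != 0) { free(lb.buf); return 0; }
    total = (lb.buf && strlen(lb.buf) == lb.used) ? lb.used : 0;
    free(lb.buf);
    return total;
}
```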