
Re: servers/slapd/back-shell/result.c realloc bug (ITS#506)



Thanks.  I've committed a similar fix to -devel and will
back port to 1.2 prior to 1.2.11.

	Kurt

At 05:51 PM 4/19/00 GMT, mei@isi.edu wrote:
>Full_Name: Mei-Hui Su
>Version: 1.2.(7,9,10) and dev tree
>OS: solaris
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (128.9.64.206)
>
>
>>  We found a bug in servers/slapd/back-shell/result.c in 1.2.9 and
>>also in 1.2.7 and the development tree. What happens is that when
>>buf got 'reallocated', the bp (the buf place pointer) did not get
>>moved. This will lead to memory corruption and seg faults. This is 
>>the patch for it,
>
>diff -u /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
>result.c
>--- /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
>      Fri Apr 14 11:31:36 2000
>+++ result.c    Mon Nov 16 15:24:31 1998
>@@ -21,7 +21,7 @@
>     int                attrsonly
> )
> {
>-       int     bsize, len, offset;
>+       int     bsize, len;
>        char    *buf, *bp;
>        char    line[BUFSIZ];
>        Entry   *e;
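Review bot: the direction of this diff is reversed. The `---` side is the patched OpenLDAP-1.2.7-globus tree (Fri Apr 14 2000) and the `+++` side is the older result.c (Mon Nov 16 1998), so `offset` is dropped from `int bsize, len, offset;` here rather than added, and the patch as posted only applies to an unpatched tree with `patch -R`. Regenerate it with the original file as the first argument to `diff -u`. Since `offset` holds a pointer difference, `ptrdiff_t` or `size_t` would also fit better than `int`.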
>@@ -43,9 +43,7 @@
>                len = strlen( line );
>                while ( bp + len - buf > bsize ) {
>                        bsize += BUFSIZ;
>-                       offset = (int) (bp - buf);
>                        buf = (char *) ch_realloc( buf, bsize );
>-                       bp = buf + offset;
>                }
>                strcpy( bp, line );
>
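Review bot: the growth test `while ( bp + len - buf > bsize )` leaves no room for the terminator that `strcpy( bp, line )` writes. When `bp - buf + len` equals `bsize` exactly, the loop is skipped and the NUL lands one byte past the allocation; testing against `len + 1` closes that. On the two lines this patch is about: `offset` does not change between iterations, so it can be computed once before the loop, the condition written as `offset + len + 1 > bsize`, and `bp = buf + offset;` assigned once after the loop, which also keeps the condition from comparing `bp` against a `buf` it no longer points into.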
>>  We have already double checked the other back-X directory in 
>>1.2.7 and 1.2.9 and development tree. back-ldbm's search.c got
>>it correctly. But in the development tree's servers/slapd/back-tcl's
>>tcl_modify.c(1) and tcl_util.c(2), there are similar problems.  
>>
>>mei
>bp += len;
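The bug class described in the report, as an added example (not OpenLDAP code and not from either poster): an accumulator that keeps its write position as an offset instead of a pointer, so a `realloc()` that moves the block cannot leave it dangling, and that reserves the byte for the terminator. `struct linebuf`, `lb_append`, `lb_demo` and `LB_CHUNK` are hypothetical names, and the input line is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical accumulator: the write position is an offset, not a pointer. */
struct linebuf {
    char  *buf;   /* start of allocation; may change on growth */
    size_t used;  /* bytes written, excluding the terminating NUL */
    size_t size;  /* bytes allocated */
};
#define LB_CHUNK 16  /* deliberately small so the sample grows several times */

/* Append line; 0 on success, -1 if realloc() fails (buffer left intact). */
int lb_append(struct linebuf *lb, const char *line)
{
    size_t len = strlen(line);
    size_t need = lb->used + len + 1;   /* +1 for the NUL */
    if (need > lb->size) {
        size_t nsize = lb->size;
        while (nsize < need)
            nsize += LB_CHUNK;
        char *nbuf = realloc(lb->buf, nsize);
        if (nbuf == NULL)
            return -1;
        lb->buf = nbuf;                 /* the old address is invalid now */
        lb->size = nsize;
    }
    memcpy(lb->buf + lb->used, line, len + 1);  /* address rebuilt from offset */
    lb->used += len;
    return 0;
}

/* Constructed input: append n copies of one line; caller frees the result. */
char *lb_demo(size_t n, size_t *out_len)
{
    struct linebuf lb = { NULL, 0, 0 };
    for (size_t i = 0; i < n; i++)
        if (lb_append(&lb, "cn: test\n") != 0) { free(lb.buf); return NULL; }
    *out_len = lb.used;
    return lb.buf;
}

int main(void)
{
    size_t n = 0;
    char *s = lb_demo(10, &n);
    if (s) { printf("%zu bytes appended\n", n); free(s); }
    return n == 90 ? 0 : 1;
}
```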
>