Re: servers/slapd/back-shell/result.c realloc bug (ITS#506)
Thanks. I've committed a similar fix to -devel and will
back port to 1.2 prior to 1.2.11.
Kurt
At 05:51 PM 4/19/00 GMT, mei@isi.edu wrote:
>Full_Name: Mei-Hui Su
>Version: 1.2.(7,9,10) and dev tree
>OS: solaris
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (128.9.64.206)
>
>
>> We found a bug in servers/slapd/back-shell/result.c in 1.2.9 and
>>also in 1.2.7 and the development tree. What happens is that when
>>buf got 'reallocated', the bp (the buf place pointer) did not get
>>moved. This will lead to memory corruption and seg faults. This is
>>the patch for it,
>
>diff -u /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
>result.c
>--- /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
> Fri Apr 14 11:31:36 2000
>+++ result.c Mon Nov 16 15:24:31 1998
>@@ -21,7 +21,7 @@
> int attrsonly
> )
> {
>- int bsize, len, offset;
>+ int bsize, len;
> char *buf, *bp;
> char line[BUFSIZ];
> Entry *e;
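Review bot: The `int offset` declaration sits on the `-` side of this hunk, so the diff runs from the fixed file to the unfixed one; the header agrees, with the `---` side being the globus tree dated Apr 14 2000 and the `+++` side the `result.c` dated 1998. Applied as posted it would take the fix out rather than put it in, so regenerate it with the original file as the first argument (or apply it reversed). `offset` would also read better as `size_t` or `ptrdiff_t` than `int`, which removes the need for the `(int)` cast on `bp - buf` in the second hunk.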
>@@ -43,9 +43,7 @@
> len = strlen( line );
> while ( bp + len - buf > bsize ) {
> bsize += BUFSIZ;
>- offset = (int) (bp - buf);
> buf = (char *) ch_realloc( buf, bsize );
>- bp = buf + offset;
> }
> strcpy( bp, line );
>
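Review bot: The loop condition `bp + len - buf > bsize` leaves no room for the terminating NUL that `strcpy( bp, line )` writes: when `bp + len - buf` equals `bsize` the buffer is not grown and the NUL lands one byte past the `bsize` bytes requested from `ch_realloc`. Testing against `len + 1` (or using `>=`) closes that. The two lines that carry the reported fix, `offset = (int) (bp - buf);` and `bp = buf + offset;`, are on the `-` side here, so check the direction before applying: without them `bp` keeps pointing into the block that `ch_realloc` may have moved.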
>> We have already double checked the other back-X directory in
>>1.2.7 and 1.2.9 and development tree. back-ldbm's search.c got
>>it correctly. But in the development tree's servers/slapd/back-tcl's
>>tcl_modify.c(1) and tcl_util.c(2), there are similar problems.
>>
>>mei
>bp += len;
>
>
>
>
>
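The pattern the report describes (record the write offset before the reallocation, rebase the write pointer afterwards), as an added C example that is not part of the original thread or of OpenLDAP's code. It uses plain `realloc` instead of `ch_realloc`, and `struct linebuf`, `linebuf_append` and `linebuf_demo` are hypothetical names; the sample line is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; names are illustrative, not OpenLDAP's. */
struct linebuf {
    char  *buf;    /* start of the allocation */
    char  *bp;     /* next write position inside buf */
    size_t bsize;  /* bytes allocated */
};

/* Append one line, growing in BUFSIZ steps. Returns 0, or -1 if out of memory. */
int linebuf_append(struct linebuf *lb, const char *line)
{
    size_t len  = strlen(line);
    size_t used = lb->buf ? (size_t)(lb->bp - lb->buf) : 0; /* taken before realloc */
    size_t need = used + len + 1;        /* +1 for the terminating NUL */
    if (need > lb->bsize) {
        size_t nsize = lb->bsize;
        while (need > nsize)
            nsize += BUFSIZ;
        char *nbuf = realloc(lb->buf, nsize);
        if (nbuf == NULL)
            return -1;                   /* old block and bp are still valid */
        lb->buf   = nbuf;
        lb->bsize = nsize;
        lb->bp    = nbuf + used;         /* rebase: the block may have moved */
    }
    memcpy(lb->bp, line, len + 1);
    lb->bp += len;
    return 0;
}

/* Constructed input: append the same line n times; return bytes stored, or -1. */
long linebuf_demo(int n)
{
    static const char line[] = "dn: cn=test\n";   /* 12 bytes, made up */
    struct linebuf lb = { NULL, NULL, 0 };
    long total = 0;
    for (int i = 0; i < n && total >= 0; i++)
        total = linebuf_append(&lb, line) == 0 ? (long)(lb.bp - lb.buf) : -1;
    /* The result must be one intact NUL-terminated string that ends at bp. */
    if (total > 0 && strlen(lb.buf) != (size_t)total)
        total = -1;
    free(lb.buf);
    return total;
}
```

Building with `-fsanitize=address` and deleting the rebase line makes the stale-pointer write show up as a heap-use-after-free on the first append that moves the block.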