slapd crashes if no such value (ITS#2827)
Full_Name: Masato Taruishi
Version: HEAD
OS: Debian GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (210.128.90.14)
Hello.
slapd crashes if there is no such value in changetype: modify.
For example, in the following slapd.replog(5),
dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
changetype: modify
delete: uniquemember
uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People,
o=University of Michigan, c=US
uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People,
o=Uni versity of Michigan, c=US
^^^^^^^^^^^^
Say that the first attribute 'James' exists in the entry but 'Bjorn'
doesn't. In this case, slapd crashes after logging no such value.
The reason is as follows:
According to mods.c, the first attribute 'James' is successfully
deleted and &dummy is used to mark the attribute as old. But,
because the second attribute doesn't exist, modify_delete_values()
returns with NO_SUCH_ATTRIBUTE without cleaning the &dummy pointer.
Because dummy is allocated on the stack, the slap_entry includes
the outdated location (&dummy). So slapd crashes in attr_free(e).
The attached patch would fix this problem. This patch checks if the
slap_entry includes &dummy. If so, then modify_delete_values doesn't
return soon, but cleans the slap_entry value first.
Thanks
Index: servers/slapd/mods.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/mods.c,v
retrieving revision 1.33
diff -u -r1.33 mods.c
--- servers/slapd/mods.c 10 Nov 2003 01:44:25 -0000 1.33
+++ servers/slapd/mods.c 13 Nov 2003 03:30:43 -0000
@@ -291,7 +291,7 @@
snprintf( textbuf, textlen,
"%s: matching rule failed",
mod->sm_desc->ad_cname.bv_val );
- goto return_results;
+ break;
}
if ( match != 0 ) {
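Review bot: In the "matching rule failed" branch the `break` that replaces `goto return_results` is unconditional, while the "no such value" branch in the next hunk only breaks when `i > 0`; the two error paths should follow the same rule. The visible lines also do not show that the code reached after `break` keeps the error from this failure rather than continuing as if the delete had succeeded, and if this branch sits inside a nested loop, `break` leaves only the inner one. A dedicated cleanup label placed just before the marker cleanup would state the intent more clearly than `break`, and a short comment on why the early return is unsafe here would help.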
@@ -317,7 +317,11 @@
"modify/delete: %s: no such value",
mod->sm_desc->ad_cname.bv_val );
rc = LDAP_NO_SUCH_ATTRIBUTE;
- goto return_results;
+ if ( i > 0 ) {
+ break;
+ } else {
+ goto return_results;
+ }
}
}
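Review bot: The `if ( i > 0 )` test in the "no such value" branch uses the loop index as a stand-in for "an earlier value has already been marked with &dummy", which is the condition the description actually names. Testing that state directly, with a flag set at the point where a value is marked, would stay correct if the loop is restructured and could be shared with the matching-rule branch in the previous hunk. Please also confirm that the code reached via `break` leaves `rc = LDAP_NO_SUCH_ATTRIBUTE` intact so the operation still reports failure after cleanup, and add a comment on the `break` saying it falls through to cleanup with the error set.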
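The failure mode described in the report, reduced to a stand-alone C model (an added example, not OpenLDAP's mods.c and not the submitted patch): a stack variable's address marks deleted slots, and an early error return skips the pass that removes the markers. The names `delete_values`, `run_case`, `NO_SUCH_VALUE`, the `cleanup` switch and the sample values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenLDAP code: vals is a NULL-terminated array of
 * values; deleted slots are marked with &dummy and compacted at the end.
 * With heap-owned values, a leftover marker would later be passed to free. */
#define NO_SUCH_VALUE 16 /* constructed error code for this model */

static int delete_values(const char **vals, const char **del, int cleanup, int *stale)
{
    char dummy = '\0'; /* stack sentinel, as described in the report */
    int rc = 0, i, j, k;
    for (i = 0; del[i] != NULL && rc == 0; i++) {
        for (j = 0; vals[j] != NULL; j++)
            if (vals[j] != &dummy && strcmp(vals[j], del[i]) == 0)
                break;
        if (vals[j] == NULL)
            rc = NO_SUCH_VALUE; /* requested value is not in the entry */
        else
            vals[j] = &dummy;   /* mark the slot as deleted */
    }
    if (rc == 0 || cleanup) {   /* compaction: drop every marked slot */
        for (j = 0, k = 0; vals[j] != NULL; j++)
            if (vals[j] != &dummy)
                vals[k++] = vals[j];
        vals[k] = NULL;
    }
    for (*stale = 0, j = 0; vals[j] != NULL; j++)
        *stale += (vals[j] == &dummy); /* slots still pointing into this frame */
    return rc;
}

/* Constructed input: the entry holds "james" and "alice"; the request deletes
 * "james" (present), then "bjorn" (absent). Returns the stale-slot count. */
static int run_case(int cleanup, int *rc)
{
    const char *vals[] = { "james", "alice", NULL };
    const char *del[] = { "james", "bjorn", NULL };
    int stale;
    *rc = delete_values(vals, del, cleanup, &stale);
    return stale;
}

int main(void)
{
    int rc, early = run_case(0, &rc), fixed = run_case(1, &rc);
    printf("early return: %d stale slot(s); cleanup first: %d\n", early, fixed);
    return 0;
}
```

Both paths return the same error code; only the path that compacts before returning hands the caller an entry with no pointer into the dead stack frame.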