Re: (ITS#5931) back-meta crashes with syncrepl data
Pierangelo Masarati wrote:
> ----- "Howard Chu"<hyc@symas.com> wrote:
>
>> ando@sys-net.it wrote:
>>> I'm trying to modify the code in order to compute the size of the
>>> SearchResultEntry portion of the message, but again, in some cases, the
>>> size is computed incorrectly: the computed length is 4 octets shorter
>>> than what's actually in the packet.
>>>
>>> One issue seems to be related to the fact that when ber_skip_tag()
>>> checks if the length it's computed fits in the ber by calling
>>> ber_pvt_ber_remaining(), it doesn't count that earlier calls to
>>> ber_read() moved the ber_ptr forward. The original ber_ptr should be saved.
>>
>> This sounds wrong; the bytes that ber_read() advanced comprise the length
>> bytes, but they're not included in the total that the length is counting.
>> Therefore they should not be accounted for here.
>
> But without this fix ber_scanf("l") LBER_ERROR was failing because
> ber_pvt_ber_remaining(), which is actually ber_end - ber_ptr, is shorter
> than *len by the bytes that the ber_reads are advancing. Feel free to back
> this out, if you're sure it's incorrect. I'll recheck the syncrepl over
> back-meta.
Pretty sure. Notice ber_first_element: *last = ber->ber_ptr + *len;
All of this has been working for quite a long time...
I'll play with this code some with the decode change backed out.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
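
The length check discussed in this thread, as an added example that is not part of the original message and is not liblber code: a minimal definite-length TLV reader in which the bound on the decoded length is taken after the tag and length octets have been consumed. The names `tlv_reader`, `tlv_skip_tag`, `tlv_content_len` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TLV_ERROR ((size_t)-1)

/* Hypothetical minimal reader; ptr/end play the role of ber_ptr/ber_end. */
typedef struct { const uint8_t *ptr, *end; } tlv_reader;

/* Read a one-octet tag and a definite length. On success ptr is left on the
 * first content octet and *len is the content length; else ptr is restored. */
static size_t tlv_skip_tag(tlv_reader *r, size_t *len)
{
    const uint8_t *save = r->ptr;
    size_t tag, n = 0, count;
    uint8_t first;
    if (r->end - r->ptr < 2) return TLV_ERROR;
    tag = *r->ptr++;
    first = *r->ptr++;
    if (first & 0x80) {                 /* long form: low 7 bits = octet count */
        count = first & 0x7f;
        if (count == 0 || count > sizeof(size_t) ||
            (size_t)(r->end - r->ptr) < count) goto fail;
        while (count--) n = (n << 8) | *r->ptr++;
    } else {
        n = first;                      /* short form */
    }
    /* n counts content octets only; the header octets are already behind
     * ptr, so the bound is end - ptr, not end - save. */
    if (n > (size_t)(r->end - r->ptr)) goto fail;
    *len = n;
    return tag;
fail:
    r->ptr = save;
    return TLV_ERROR;
}

/* Constructed sample: tag 0x64, length octets 0x81 0x03, three content octets. */
static const uint8_t sample[] = { 0x64, 0x81, 0x03, 0x01, 0x02, 0x03 };

/* Content length of the element at buf, or TLV_ERROR if it does not fit. */
static size_t tlv_content_len(const uint8_t *buf, size_t buflen)
{
    tlv_reader r = { buf, buf + buflen };
    size_t len;
    return tlv_skip_tag(&r, &len) == TLV_ERROR ? TLV_ERROR : len;
}

int main(void)
{
    printf("%zu %d\n", tlv_content_len(sample, sizeof sample), tlv_content_len(sample, sizeof sample - 1) == TLV_ERROR);
    return 0;
}
```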