[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-bugs
Subject:    Re: servers/slapd/back-shell/result.c realloc bug  (ITS#506)
From:       Kurt () OpenLDAP ! org
Date:       2000-04-25 7:20:04
[Download RAW message or body]

Thanks.  I've committed a similiar fix to -devel and will
back port to 1.2 prior to 1.2.11.

	Kurt

At 05:51 PM 4/19/00 GMT, mei@isi.edu wrote:
> Full_Name: Mei-Hui Su
> Version: 1.2.(7,9,10) and dev tree
> OS: solaris
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.9.64.206)
> 
> 
> > We found a bug in servers/slapd/back-shell/result.c in 1.2.9 and
> > also in 1.2.7 and the development tree. What happens is that when
> > buf got 'reallocated', the bp (the buf place pointer) did not get
> > moved. This will lead to memory corruption and seg faults. This is 
> > the patch for it,
> 
> diff -u /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
>  result.c
> --- /nfs/globus2/MEI/nPROJ_CC/OpenLDAP/globus-one/OpenLDAP-1.2.7-globus/servers/slapd/back-shell/result.c
>  Fri Apr 14 11:31:36 2000
> +++ result.c    Mon Nov 16 15:24:31 1998
> @@ -21,7 +21,7 @@
> int                attrsonly
> )
> {
> -       int     bsize, len, offset;
> +       int     bsize, len;
> char    *buf, *bp;
> char    line[BUFSIZ];
> Entry   *e;
> @@ -43,9 +43,7 @@
> len = strlen( line );
> while ( bp + len - buf > bsize ) {
> bsize += BUFSIZ;
> -                       offset = (int) (bp - buf);
> buf = (char *) ch_realloc( buf, bsize );
> -                       bp = buf + offset;
> }
> strcpy( bp, line );
> 
> > We have already double checke the other back-X directory in 
> > 1.2.7 and 1.2.9 and developement tree. back-ldbm's search.c got
> > it correctly. But in the development tree's servers/slapd/back-tcl's
> > tcl_modify.c(1) and tcl_util.c(2), there are similar problems.  
> > 
> > mei
> bp += len;
> 
> 
> 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]