[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm vlv.c, 1.12, 1.13
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Wed Mar 14 16:36:15 UTC 2007
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15668
Modified Files:
vlv.c
Log Message:
Resolves: bug 231507
Bug Description: Modification of directory entries with VLV-indexed null-value attributes results in server crash
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: The value lowest_value is defined outside the loop that loops through all the attributes in the vlv sort specification (e.g. usually something like cn givenname o ou sn if defined by the console browsing index). lowest_value is not reset for each loop iteration. So if it goes through the loop one time for e.g. givenname, and givenname has values, lowest_value will point to the lowest value of givenname until the key is created, then it is freed. So the next loop iteration uses o, and if for example o does not have any values, lowest_value will point to the already freed memory used by the givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be very large, which is the probably cause of the malloc out of memory errors seen by the customer). The solution is to reset lowest_value to NULL before each loop iteration (I did this by moving the declaration and initialization of lowest_value inside the loop scope) and testing for lowest_va!
lue == NULL before trying to use it.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: vlv.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- vlv.c 7 Dec 2006 21:15:00 -0000 1.12
+++ vlv.c 14 Mar 2007 16:36:13 -0000 1.13
@@ -508,7 +508,7 @@
static struct vlv_key *
vlv_create_key(struct vlvIndex* p, struct backentry* e)
{
- struct berval val, *lowest_value = NULL;
+ struct berval val;
unsigned char char_min = 0x00;
unsigned char char_max = 0xFF;
struct vlv_key *key= vlv_key_new();
@@ -530,7 +530,7 @@
/* xxxPINAKI */
/* need to free some stuff! */
Slapi_Value **cvalue = NULL;
- struct berval **value = NULL;
+ struct berval **value = NULL, *lowest_value = NULL;
int free_value= 0;
if (attr != NULL && !valueset_isempty(&attr->a_present_values))
{
@@ -587,7 +587,7 @@
unsigned int i;
char *attributeValue = NULL;
/* Bug 605477 : Don't malloc 0 bytes */
- if (attr != NULL && lowest_value->bv_len != 0) {
+ if (attr != NULL && lowest_value && lowest_value->bv_len != 0) {
attributeValue = (char*)slapi_ch_malloc(lowest_value->bv_len);
for(i=0;i<lowest_value->bv_len;i++)
{
@@ -615,7 +615,7 @@
/* If the forward-sorted attribute is absent or has no
* value, we need to use the value of 0xFF.
*/
- if (attr != NULL && lowest_value->bv_len > 0) {
+ if (attr != NULL && lowest_value && lowest_value->bv_len > 0) {
vlv_key_addattr(key,lowest_value);
} else {
val.bv_val = (void*)&char_max;
More information about the Fedora-directory-commits
mailing list