diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-02-07 12:14:41 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-02-12 10:37:13 +0100 |
| commit | e234edc9957cd1f530b1eff632774a7e09dc1e18 (patch) | |
| tree | a4b72f03ad9099fc20e158218214c0e15a0bca3e /daemons/ipa-kdb | |
| parent | 67d8b434c5272fd47d2e168c2b97077c70c016c2 (diff) | |
| download | freeipa-e234edc9957cd1f530b1eff632774a7e09dc1e18.tar.gz freeipa-e234edc9957cd1f530b1eff632774a7e09dc1e18.tar.xz freeipa-e234edc9957cd1f530b1eff632774a7e09dc1e18.zip | |
ipa-kdb: add sentinel for LDAPDerefSpec allocation
Without sentinel in place, ldap_create_deref_control_value executed
an invalid read in unallocated memory.
Diffstat (limited to 'daemons/ipa-kdb')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_common.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c index 18e159090..e04bae667 100644 --- a/daemons/ipa-kdb/ipa_kdb_common.c +++ b/daemons/ipa-kdb/ipa_kdb_common.c @@ -282,21 +282,22 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx, krb5_error_code kerr; int times; int ret; - int c; + int c, i; for (c = 0; deref_attr_names[c]; c++) { /* count */ ; } - ds = calloc(c, sizeof(LDAPDerefSpec)); + ds = calloc(c+1, sizeof(LDAPDerefSpec)); if (!ds) { return ENOMEM; } - for (c = 0; deref_attr_names[c]; c++) { - ds[c].derefAttr = deref_attr_names[c]; - ds[c].attributes = deref_attrs; + for (i = 0; deref_attr_names[i]; i++) { + ds[i].derefAttr = deref_attr_names[i]; + ds[i].attributes = deref_attrs; } + ds[c].derefAttr = NULL; ret = ldap_create_deref_control_value(ipactx->lcontext, ds, &derefval); if (ret != LDAP_SUCCESS) { |