Bug 630097 - (cov#15464) NULL dereference in repl code

If the attr parameter that is passed to my_ber_scanf_attr() is NULL, we jump to the loser label where we clean up memory we may have allocated. We dereference attr without first checking if it is NULL in this clean-up code. We need to check if attr is NULL before dereferencing it.
author: Nathan Kinder <nkinder@redhat.com> 2010-09-14 11:43:09 -0700
committer: Nathan Kinder <nkinder@redhat.com> 2010-09-15 09:11:05 -0700
commit: 09653dc9d5719d171d71c2b92c9fe8bff94ed4b6 (patch)
tree: 7b7bef8ff97d0f8a3d8b7f90f2abc25522d703d8
parent: 30d6b1ea5c6a7f1f774bb86bea0d995cd9e45f20 (diff)
download: ds-09653dc9d5719d171d71c2b92c9fe8bff94ed4b6.tar.gz
ds-09653dc9d5719d171d71c2b92c9fe8bff94ed4b6.tar.xz
ds-09653dc9d5719d171d71c2b92c9fe8bff94ed4b6.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c
index 5bf37428..d2987cdb 100644
--- a/ldap/servers/plugins/replication/repl5_total.c
+++ b/ldap/servers/plugins/replication/repl5_total.c
@@ -689,7 +689,7 @@ my_ber_scanf_attr (BerElement *ber, Slapi_Attr **attr, PRBool *deleted)
 
     return 0;
 loser:
-    if (*attr)
+    if (attr && *attr)
         slapi_attr_free (attr);
     if (value)
         slapi_value_free (&value);
author	Nathan Kinder <nkinder@redhat.com>	2010-09-14 11:43:09 -0700
committer	Nathan Kinder <nkinder@redhat.com>	2010-09-15 09:11:05 -0700
commit	09653dc9d5719d171d71c2b92c9fe8bff94ed4b6 (patch)
tree	7b7bef8ff97d0f8a3d8b7f90f2abc25522d703d8
parent	30d6b1ea5c6a7f1f774bb86bea0d995cd9e45f20 (diff)
download	ds-09653dc9d5719d171d71c2b92c9fe8bff94ed4b6.tar.gz ds-09653dc9d5719d171d71c2b92c9fe8bff94ed4b6.tar.xz ds-09653dc9d5719d171d71c2b92c9fe8bff94ed4b6.zip