authorNathan Kinder <nkinder@redhat.com>2010-09-15 08:50:31 -0700
committerNathan Kinder <nkinder@redhat.com>2010-09-15 09:11:06 -0700
commit672f38f84a545678c7c84dfd723de292903ee19a (patch)
tree754edef540b468769e146a3087d87d33ffdeee01
parentf78a37579df8f9c60b4742019231b0dfa49a87a9 (diff)
Bug 630097 - (cov#15507,15508) NULL dereference in entryrdn code
In entryrdn_compare_dups(), we dereference the a and b parameters when initializing the elem_a and elem_b variables. We later perform NULL checks on both a and b, but a NULL would have triggered a crash. We should not dereference a or b until after the NULL checks are performed.
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 20779994..f3474fa9 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -173,8 +173,8 @@ entryrdn_get_noancestorid()
int
entryrdn_compare_dups(DB *db, const DBT *a, const DBT *b)
{
- rdn_elem *elem_a = (rdn_elem *)a->data;
- rdn_elem *elem_b = (rdn_elem *)b->data;
+ rdn_elem *elem_a = NULL;
+ rdn_elem *elem_b = NULL;
int delta = 0;
if (NULL == a) {
@@ -187,6 +187,9 @@ entryrdn_compare_dups(DB *db, const DBT *a, const DBT *b)
return 1;
}
+ elem_a = (rdn_elem *)a->data;
+ elem_b = (rdn_elem *)b->data;
+
delta = strcmp((char *)elem_a->rdn_elem_nrdn_rdn,
(char *)elem_b->rdn_elem_nrdn_rdn);
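Review bot: The relocated assignments `elem_a = (rdn_elem *)a->data;` and `elem_b = (rdn_elem *)b->data;` are protected only against a NULL DBT pointer, as far as the visible `if (NULL == a)` checks show. A non-NULL DBT whose `data` is NULL would still be dereferenced by the `strcmp()` that follows. The guards could cover the payload too, for example `if (NULL == a || NULL == a->data) {`, with the same test for `b`. Since the comparator appears to run on stored index records, it may also be worth checking `a->size` and `b->size` against the minimum `rdn_elem` size before the cast, because `strcmp()` trusts `rdn_elem_nrdn_rdn` to be NUL-terminated inside the record. The NULL-check block and the end of entryrdn_compare_dups() lie outside this hunk, so confirm against the full function.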