diff options
author | Nathan Kinder <nkinder@redhat.com> | 2010-09-13 09:20:21 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2010-09-15 09:11:05 -0700 |
commit | 839e52c73e04e782c8069fe9c9e1aeea0b73a1c0 (patch) | |
tree | 9fe3dae85f2a2fecc30c9ab6eee3f1d91614f4cd /ldap/servers/slapd | |
parent | 9098fc70e0ca0145acfccb928b8749fb6d5497a5 (diff) | |
download | ds-839e52c73e04e782c8069fe9c9e1aeea0b73a1c0.tar.gz ds-839e52c73e04e782c8069fe9c9e1aeea0b73a1c0.tar.xz ds-839e52c73e04e782c8069fe9c9e1aeea0b73a1c0.zip |
Bug 630097 - (cov#11933) Fix NULL dereference in schema code
There is a possibility of deferencing prevocp when it is NULL
the second time through the loop if the first pass was not a
standard objectclass definition and tmpocp != curlisthead.
I don't think that this issue is possible unless some other
thread was able to modify tmpocp->oc_next between where curlisthead
is set (schema.c:2654) and where nextocp is set (schema.c:2658) the
first time through the loop. That said, I see no harm in checking
if prevocp is NULL before attempting to dereference it.
Diffstat (limited to 'ldap/servers/slapd')
-rw-r--r-- | ldap/servers/slapd/schema.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c index 6e2fefe7..14f3e765 100644 --- a/ldap/servers/slapd/schema.c +++ b/ldap/servers/slapd/schema.c @@ -2653,7 +2653,9 @@ clean_up_and_return: if ( tmpocp == curlisthead ) { curlisthead = tmpocp->oc_next; } else { - prevocp->oc_next = tmpocp->oc_next; + if (prevocp) { + prevocp->oc_next = tmpocp->oc_next; + } } nextocp = tmpocp->oc_next; oc_free( &tmpocp ); |