From 672f38f84a545678c7c84dfd723de292903ee19a Mon Sep 17 00:00:00 2001
From: Nathan Kinder
Date: Wed, 15 Sep 2010 08:50:31 -0700
Subject: Bug 630097 - (cov#15507,15508) NULL dereference in entryrdn code

In entryrdn_compare_dups(), we dereference the a and b parameters when initializing the elem_a and elem_b variables. We later perform NULL checks on both a and b, but a NULL would have triggered a crash. We should not dereference a or b until after the NULL checks are performed.
---
 ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 20779994..f3474fa9 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -173,8 +173,8 @@ entryrdn_get_noancestorid()
 int
 entryrdn_compare_dups(DB *db, const DBT *a, const DBT *b)
 {
- rdn_elem *elem_a = (rdn_elem *)a->data;
- rdn_elem *elem_b = (rdn_elem *)b->data;
+ rdn_elem *elem_a = NULL;
+ rdn_elem *elem_b = NULL;
 int delta = 0;
 if (NULL == a) {
@@ -187,6 +187,9 @@ entryrdn_compare_dups(DB *db, const DBT *a, const DBT *b)
 return 1;
 }
+ elem_a = (rdn_elem *)a->data;
+ elem_b = (rdn_elem *)b->data;
+
 delta = strcmp((char *)elem_a->rdn_elem_nrdn_rdn, (char *)elem_b->rdn_elem_nrdn_rdn);
-- 
cgit
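Review bot: The guards that now precede the dereference test only the DBT pointers, so in the second hunk `elem_a = (rdn_elem *)a->data;` can still yield NULL, and the `strcmp()` on `elem_a->rdn_elem_nrdn_rdn` would then fault for a DBT whose `data` is unset; the same holds for `b`. Folding the member into the existing tests, e.g. `if (NULL == a || NULL == a->data) {` and the equivalent condition for `b`, would close that path while keeping the current return values. The comparison also relies on each record carrying a NUL terminator within `a->size` and `b->size`, which presumably holds for entries this backend wrote but not for a damaged index page, so a comment stating that assumption, or a length check against `size` before the `strcmp()`, would be worth adding. The bodies of the NULL checks and the rest of entryrdn_compare_dups() lie outside the two hunks, so the exact return paths cannot be confirmed from here.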