author | Rich Megginson <rmeggins@redhat.com> | 2010-06-14 20:25:18 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2010-07-01 10:26:30 -0600 |
commit | 8632731df33fc3a91eb3cfecfb9c63d56cff23e8 (patch) | |
tree | 220a596dc9adcc2f104c3ed57d6b5e371ccf7c80 | |
parent | 1a47871230d6cd088e08b8af42072e2560b423ec (diff) | |
download | ds-8632731df33fc3a91eb3cfecfb9c63d56cff23e8.tar.gz ds-8632731df33fc3a91eb3cfecfb9c63d56cff23e8.tar.xz ds-8632731df33fc3a91eb3cfecfb9c63d56cff23e8.zip |
Bug 603942 - null deref in _ger_parse_control() for subjectdn
389-ds-base-1.2.6.rc3
https://bugzilla.redhat.com/show_bug.cgi?id=603942
Resolves: bug 603942
Bug Description: null deref in _ger_parse_control() for subjectdn
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Also, check for NULL before doing strlen(orig).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 82625ebf670c0f234e8bcbf18420e84b325e359e)
-rw-r--r-- | ldap/servers/plugins/acl/acleffectiverights.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c index acf856cc..013c0884 100644 --- a/ldap/servers/plugins/acl/acleffectiverights.c +++ b/ldap/servers/plugins/acl/acleffectiverights.c @@ -244,7 +244,7 @@ _ger_parse_control ( return LDAP_OPERATIONS_ERROR; } /* "a" means to allocate storage as needed for octet string */ - if ( ber_scanf (ber, "a", orig) == LBER_ERROR ) + if ( ber_scanf (ber, "a", &orig) == LBER_ERROR ) { aclutil_str_append ( errbuf, "get-effective-rights: invalid ber tag in the subject" ); slapi_log_error (SLAPI_LOG_FATAL, plugin_name, "%s\n", *errbuf ); @@ -259,7 +259,7 @@ _ger_parse_control ( * (see section 9 of RFC 2829) only. It also only supports the "dnAuthzId" * flavor, which looks like "dn:<DN>" where null <DN> is for anonymous. */ - subjectndnlen = strlen(orig); + subjectndnlen = orig ? strlen(orig) : 0; if ( NULL == orig || subjectndnlen < 3 || strncasecmp ( "dn:", orig, 3 ) != 0 ) { aclutil_str_append ( errbuf, "get-effective-rights: subject is not dnAuthzId" ); |
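Review bot: ber_scanf is variadic, so at the `ber_scanf (ber, "a", &orig)` call in the first hunk the compiler cannot check that the argument matching "a" is a char ** rather than a char *, which is how the original call compiled cleanly. The other "a" callers in this file deserve the same check. Since the comment above the call says "a" allocates storage, please also confirm that orig is freed on every return path after this point; no free is visible in this hunk.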
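Review bot: in the second hunk, `subjectndnlen = orig ? strlen(orig) : 0;` repeats the test that `NULL == orig ||` already performs on the next line, so the NULL case is now handled in two places. Checking `NULL == orig` first and computing the length only after it passes would keep one check and make the order of evaluation obvious. The guard is also only meaningful if orig is initialised to NULL at its declaration, which is outside the visible context and should be confirmed.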