author Nathan Kinder <nkinder@redhat.com> 2010-09-13 09:20:21 -0700
committer Nathan Kinder <nkinder@redhat.com> 2010-09-15 09:11:05 -0700
commit 839e52c73e04e782c8069fe9c9e1aeea0b73a1c0
tree 9fe3dae85f2a2fecc30c9ab6eee3f1d91614f4cd
parent 9098fc70e0ca0145acfccb928b8749fb6d5497a5
Bug 630097 - (cov#11933) Fix NULL dereference in schema code
There is a possibility of dereferencing prevocp when it is NULL the second time through the loop if the first pass was not a standard objectclass definition and tmpocp != curlisthead. I don't think that this issue is possible unless some other thread was able to modify tmpocp->oc_next between where curlisthead is set (schema.c:2654) and where nextocp is set (schema.c:2658) the first time through the loop. That said, I see no harm in checking if prevocp is NULL before attempting to dereference it.
-rw-r--r-- ldap/servers/slapd/schema.c 4
1 files changed, 3 insertions, 1 deletions
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 6e2fefe7..14f3e765 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -2653,7 +2653,9 @@ clean_up_and_return:
if ( tmpocp == curlisthead ) {
curlisthead = tmpocp->oc_next;
} else {
- prevocp->oc_next = tmpocp->oc_next;
+ if (prevocp) {
+ prevocp->oc_next = tmpocp->oc_next;
+ }
}
nextocp = tmpocp->oc_next;
oc_free( &tmpocp );
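Review bot: In the else branch, the new `if (prevocp)` guard removes the NULL dereference, but when prevocp is NULL the node is no longer unlinked and is still released by `oc_free( &tmpocp )` two lines later. If tmpocp is reachable from the list at that point, its predecessor keeps an oc_next that points at freed memory, so the crash is traded for a possible dangling pointer. Consider handling the NULL case explicitly rather than silently skipping it: for example, log the unexpected state and skip the free, or walk from curlisthead to find the real predecessor before unlinking. Since the commit message attributes this state to another thread modifying tmpocp->oc_next mid-loop, a comment here stating which lock is expected to protect the list would also help the next reader judge whether the guard is reachable.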