summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRich Megginson <rmeggins@redhat.com>2010-06-14 20:25:18 -0600
committerRich Megginson <rmeggins@redhat.com>2010-06-23 11:48:24 -0600
commit82625ebf670c0f234e8bcbf18420e84b325e359e (patch)
treed5705a55ec5d7b91df6252883fdc39c741bbaf4b
parentc28fcadfc7812108573e40f13624e11a5a8609e5 (diff)
downloadds-82625ebf670c0f234e8bcbf18420e84b325e359e.tar.gz
ds-82625ebf670c0f234e8bcbf18420e84b325e359e.tar.xz
ds-82625ebf670c0f234e8bcbf18420e84b325e359e.zip
Bug 603942 - null deref in _ger_parse_control() for subjectdnDirectory_Server_8_2_Candidate_20100701
https://bugzilla.redhat.com/show_bug.cgi?id=603942 Resolves: bug 603942 Bug Description: null deref in _ger_parse_control() for subjectdn Reviewed by: nkinder (Thanks!) Branch: Directory_Server_8_2_Branch Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Also,check for NULL before doing strlen(orig). Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
Diffstat
-rw-r--r--ldap/servers/plugins/acl/acleffectiverights.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c
index acf856cc..013c0884 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -244,7 +244,7 @@ _ger_parse_control (
return LDAP_OPERATIONS_ERROR;
}
/* "a" means to allocate storage as needed for octet string */
- if ( ber_scanf (ber, "a", orig) == LBER_ERROR )
+ if ( ber_scanf (ber, "a", &orig) == LBER_ERROR )
{
aclutil_str_append ( errbuf, "get-effective-rights: invalid ber tag in the subject" );
slapi_log_error (SLAPI_LOG_FATAL, plugin_name, "%s\n", *errbuf );
@@ -259,7 +259,7 @@ _ger_parse_control (
* (see section 9 of RFC 2829) only. It also only supports the "dnAuthzId"
* flavor, which looks like "dn:<DN>" where null <DN> is for anonymous.
*/
- subjectndnlen = strlen(orig);
+ subjectndnlen = orig ? strlen(orig) : 0;
if ( NULL == orig || subjectndnlen < 3 || strncasecmp ( "dn:", orig, 3 ) != 0 )
{
aclutil_str_append ( errbuf, "get-effective-rights: subject is not dnAuthzId" );
generated by cgit (git 2.34.1) at 2024-05-19 16:27:21 +0000