diff options
author | Rich Megginson <rmeggins@redhat.com> | 2010-10-01 16:38:04 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2010-10-01 17:01:57 -0600 |
commit | 4f410d762b008da8e2e43e29100c2c04ff332fbb (patch) | |
tree | 6723ef832b034bda64cc691d252b42e522718bfa /ldap/servers/slapd/back-ldbm | |
parent | a82f61269d69882d19b15def70de68906ed5740e (diff) | |
download | ds-4f410d762b008da8e2e43e29100c2c04ff332fbb.tar.gz ds-4f410d762b008da8e2e43e29100c2c04ff332fbb.tar.xz ds-4f410d762b008da8e2e43e29100c2c04ff332fbb.zip |
openldap ber_init will assert if the bv->bv_val is NULL
Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64
Diffstat (limited to 'ldap/servers/slapd/back-ldbm')
-rw-r--r-- | ldap/servers/slapd/back-ldbm/sort.c | 4 | ||||
-rw-r--r-- | ldap/servers/slapd/back-ldbm/vlv.c | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c index 10d44170..7a2a9c97 100644 --- a/ldap/servers/slapd/back-ldbm/sort.c +++ b/ldap/servers/slapd/back-ldbm/sort.c @@ -299,6 +299,10 @@ int parse_sort_spec(struct berval *sort_spec_ber, sort_spec **ps) char *matchrule = NULL; int rc = LDAP_SUCCESS; + if (NULL == sort_spec_ber->bv_val) { + return LDAP_PROTOCOL_ERROR; + } + ber = ber_init(sort_spec_ber); if(ber==NULL) { diff --git a/ldap/servers/slapd/back-ldbm/vlv.c b/ldap/servers/slapd/back-ldbm/vlv.c index 163d8a64..c68ce642 100644 --- a/ldap/servers/slapd/back-ldbm/vlv.c +++ b/ldap/servers/slapd/back-ldbm/vlv.c @@ -1846,6 +1846,12 @@ vlv_parse_request_control( backend *be, struct berval *vlv_spec_ber,struct vlv_r vlvp->value.bv_len = 0; vlvp->value.bv_val = NULL; + if (NULL == vlv_spec_ber->bv_val) + { + return_value= LDAP_OPERATIONS_ERROR; + return return_value; + } + ber = ber_init(vlv_spec_ber); if (ber_scanf(ber, "{ii", &vlvp->beforeCount, &vlvp->afterCount) == LBER_ERROR) { |