From b89a1eae02412fcc13d8996645865b3359bb07cd Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 9 Jul 2010 20:26:57 -0500
Subject: Bug 613056 - fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 https://bugzilla.redhat.com/show_bug.cgi?id=613056 Resolves: bug 613056 Bug description: Fix coverify Defect Type: Null pointer dereferences issues 11892 - 11939 Fix description: Catch possible NULL pointer in value_cmp().
---
 ldap/servers/plugins/syntaxes/value.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/plugins/syntaxes/value.c b/ldap/servers/plugins/syntaxes/value.c
index 9b048f30..70fa0978 100644
--- a/ldap/servers/plugins/syntaxes/value.c
+++ b/ldap/servers/plugins/syntaxes/value.c
@@ -249,6 +249,16 @@ value_cmp(
 int v1sign = 1, v2sign = 1; /* default to positive */
 char *alt = NULL;
+ // check NULL values before normalization
+ if (!v1->bv_val) {
+ if (v2->bv_val) rc = -1;
+ goto done;
+ }
+ if (!v2->bv_val) {
+ rc = 1;
+ goto done;
+ }
 /* This code used to call malloc up to four times in the copying
 * of attributes to be normalized. Now we attempt to keep everything
 * on the stack and only malloc if the data is big
@@ -330,9 +340,21 @@ value_cmp(
 }
 }
+ if (normalize) {
+ // check NULL values after normalization
+ if (!v1->bv_val) {
+ if (v2->bv_val) rc = -1;
+ goto done;
+ }
+ if (!v2->bv_val) {
+ rc = 1;
+ goto done;
+ }
+ }
 if (syntax & SYNTAX_INT) {
- v1sign = v1->bv_val && (*v1->bv_val != '-');
- v2sign = v2->bv_val && (*v2->bv_val != '-');
+ v1sign = *v1->bv_val != '-';
+ v2sign = *v2->bv_val != '-';
 rc = v1sign - v2sign;
 if (rc) { /* one is positive, one is negative */
 goto done;
-- cgit
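Review bot: The new early-exit block in value_cmp() returns "equal" for two NULL values only because `rc` is presumably still 0 from its declaration, which is outside this hunk. Writing the result explicitly, `rc = v2->bv_val ? -1 : 0;`, would make the ordering self-contained. The block also dereferences `v1` and `v2` without checking the pointers themselves, and its `goto done` runs before the stack/malloc copy logic, so whatever cleanup sits under `done:` (not shown) must tolerate nothing having been allocated. The identical block is repeated after normalization in the second hunk, so a small `static` helper would keep the two copies from drifting apart. The added `//` comments also differ from the `/* */` style used on the surrounding lines.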
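Review bot: In the SYNTAX_INT branch, the sign test `*v1->bv_val != '-'` reads the first byte of each value, but the new guards check only that `bv_val` is non-NULL, not that `bv_len` is non-zero. If a zero-length value whose buffer is not NUL-terminated can reach this branch, that is a one-byte read past the data; the hunk does not show whether normalization guarantees termination, so this needs confirming against the rest of value_cmp(). Bounding the read, `v1sign = v1->bv_len == 0 || *v1->bv_val != '-';` and the same for `v2sign`, keeps the existing "default to positive" result without depending on that guarantee.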