From e5bace3a74097cf4ae9d3f092da674e2aa30dffe Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Fri, 13 Oct 2006 17:54:52 +0000 Subject: Bug(s) fixed: 204623 Bug Description: deleting attributes when changing password causes server crash Reviewed by: nhosoi (Thanks!) Fix Description: From Michal: "The function mod2smod does not check for mod->mod_bvalues being NULL and tries to dereference it (modutil.c:370). This function happens to be called only by slapi_mods_get_{first,next}_smod(), which are in turn called only by check_trivial_words() in pw.c; this is why the crash appears only when checking password syntax." I added the same check for the mod_values case - even though the code says this should never be called, better to be safe than sorry. Platforms tested: RHEL4 --- ldap/servers/slapd/modutil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ldap/servers') diff --git a/ldap/servers/slapd/modutil.c b/ldap/servers/slapd/modutil.c index 47739318..e8b9ebf8 100644 --- a/ldap/servers/slapd/modutil.c +++ b/ldap/servers/slapd/modutil.c @@ -367,7 +367,7 @@ mod2smod (LDAPMod *mod, Slapi_Mod *smod) if (mod->mod_op & LDAP_MOD_BVALUES) { - while (mod->mod_bvalues[smod->num_values]) + while (mod->mod_bvalues && mod->mod_bvalues[smod->num_values]) { smod->num_values ++; } @@ -375,7 +375,7 @@ mod2smod (LDAPMod *mod, Slapi_Mod *smod) else { PR_ASSERT(0); /* ggood shouldn't ever use string values in server */ - while (mod->mod_values[smod->num_values]) + while (mod->mod_values && mod->mod_values[smod->num_values]) { smod->num_values ++; } -- cgit