From 2db9e60eab61f7f2677214f01a14cc2275a9c590 Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Mon, 14 Jul 2014 10:47:52 -0400
Subject: [PATCH] Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server
Bug Description: If an internal search uses OP_FLAG_REVERSE_CANDIDATE_ORDER, and the search fails tro find any candidates the server will crash.
Fix Description: Make sure we do not dereference a NULL sr_candidates pointer in ldbm_search().
https://fedorahosted.org/389/ticket/47858
Reviewed by: ?
---
 ldap/servers/slapd/back-ldbm/ldbm_search.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
index 6dff1f5..f1375a5 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
@@ -1450,7 +1450,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
 * search can enter this function multiple times, we need to keep track
 * of our state, and only initialize sr_current once.
 */
- if(!op->o_reverse_search_state){
+ if(!op->o_reverse_search_state && sr->sr_candidates){
 sr->sr_current = sr->sr_candidates->b_nids;
 op->o_reverse_search_state = REV_STARTED;
 }
--
1.9.3
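Review bot: The added `sr->sr_candidates` test protects only this one-time initialisation. When the candidate list is NULL, `sr->sr_current` keeps its previous value and `op->o_reverse_search_state` never becomes `REV_STARTED`, so the branch is re-evaluated on every re-entry. Any later reverse-order code that reads `sr->sr_candidates` or `sr->sr_current` would need its own guard; ldbm_back_next_search_entry_ext continues outside the hunk, so whether it has one cannot be confirmed from here. The existing comment should also say why the pointer can be NULL, for example `/* sr_candidates is NULL when the search produced no candidates; nothing to position */`. Since the unguarded dereference crashes the whole server, a regression test that runs an internal reverse-order search matching no entries would keep this from regressing.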