IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-28 09:06:44 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: add sentinel for LDAPDerefSpec allocation

Browse Source 
Without sentinel in place, ldap_create_deref_control_value executed
an invalid read in unallocated memory.
This commit is contained in:
Martin Kosek 2013-02-07 12:14:41 +01:00
parent 67d8b434c5
commit e234edc995
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
daemons/ipa-kdb/ipa_kdb_common.c
View File

@ -282,21 +282,22 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
krb5_error_code kerr;
int times;
int ret;
int c;
int c, i;
for (c = 0; deref_attr_names[c]; c++) {
/* count */ ;
}
ds = calloc(c, sizeof(LDAPDerefSpec));
ds = calloc(c+1, sizeof(LDAPDerefSpec));
if (!ds) {
return ENOMEM;
}
for (c = 0; deref_attr_names[c]; c++) {
ds[c].derefAttr = deref_attr_names[c];
ds[c].attributes = deref_attrs;
for (i = 0; deref_attr_names[i]; i++) {
ds[i].derefAttr = deref_attr_names[i];
ds[i].attributes = deref_attrs;
}
ds[c].derefAttr = NULL;
ret = ldap_create_deref_control_value(ipactx->lcontext, ds, &derefval);
if (ret != LDAP_SUCCESS) {