IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: add sentinel for LDAPDerefSpec allocation

Browse Source 
Without sentinel in place, ldap_create_deref_control_value executed
an invalid read in unallocated memory.
This commit is contained in:
Martin Kosek 2013-02-07 12:14:41 +01:00
parent 67d8b434c5
commit e234edc995
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
daemons/ipa-kdb/ipa_kdb_common.c
View File

@ -282,21 +282,22 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
krb5_error_code kerr; krb5_error_code kerr;
int times; int times;
int ret; int ret;
int c; int c, i;
for (c = 0; deref_attr_names[c]; c++) { for (c = 0; deref_attr_names[c]; c++) {
/* count */ ; /* count */ ;
} }
ds = calloc(c, sizeof(LDAPDerefSpec)); ds = calloc(c+1, sizeof(LDAPDerefSpec));
if (!ds) { if (!ds) {
return ENOMEM; return ENOMEM;
} }
for (c = 0; deref_attr_names[c]; c++) { for (i = 0; deref_attr_names[i]; i++) {
ds[c].derefAttr = deref_attr_names[c]; ds[i].derefAttr = deref_attr_names[i];
ds[c].attributes = deref_attrs; ds[i].attributes = deref_attrs;
} }
ds[c].derefAttr = NULL;
ret = ldap_create_deref_control_value(ipactx->lcontext, ds, &derefval); ret = ldap_create_deref_control_value(ipactx->lcontext, ds, &derefval);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {