|
|
df9752 |
From 3e34dcaf4899a5379d40d80f2eee7821b2604702 Mon Sep 17 00:00:00 2001
|
|
|
df9752 |
From: Noriko Hosoi <nhosoi@redhat.com>
|
|
|
df9752 |
Date: Mon, 4 May 2015 14:06:43 -0700
|
|
|
df9752 |
Subject: [PATCH 67/72] Ticket #48146 - async simple paged results issue
|
|
|
df9752 |
|
|
|
df9752 |
Description: Invalid index could cause Invalid read.
|
|
|
df9752 |
|
|
|
df9752 |
https://fedorahosted.org/389/ticket/48146
|
|
|
df9752 |
(cherry picked from commit 8e21bfbe4fcac79cf39e5c6b579c4bc88e05257e)
|
|
|
df9752 |
---
|
|
|
df9752 |
ldap/servers/slapd/pagedresults.c | 8 ++++++++
|
|
|
df9752 |
1 file changed, 8 insertions(+)
|
|
|
df9752 |
|
|
|
df9752 |
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
|
|
|
df9752 |
index a3a5fc4..327da54 100644
|
|
|
df9752 |
--- a/ldap/servers/slapd/pagedresults.c
|
|
|
df9752 |
+++ b/ldap/servers/slapd/pagedresults.c
|
|
|
df9752 |
@@ -138,6 +138,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
|
|
|
df9752 |
memcpy(ptr, cookie.bv_val, cookie.bv_len);
|
|
|
df9752 |
*(ptr+cookie.bv_len) = '\0';
|
|
|
df9752 |
*index = strtol(ptr, NULL, 10);
|
|
|
df9752 |
+ if (conn->c_pagedresults.prl_maxlen <= *index) {
|
|
|
df9752 |
+ rc = LDAP_PROTOCOL_ERROR;
|
|
|
df9752 |
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
|
|
|
df9752 |
+ "pagedresults_parse_control_value: invalid cookie: %d\n",
|
|
|
df9752 |
+ *index);
|
|
|
df9752 |
+ goto bail;
|
|
|
df9752 |
+ }
|
|
|
df9752 |
slapi_ch_free_string(&ptr);
|
|
|
df9752 |
prp = conn->c_pagedresults.prl_list + *index;
|
|
|
df9752 |
if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
|
|
|
df9752 |
@@ -162,6 +169,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
|
|
|
df9752 |
"pagedresults_parse_control_value: invalid cookie: %d\n",
|
|
|
df9752 |
*index);
|
|
|
df9752 |
}
|
|
|
df9752 |
+bail:
|
|
|
df9752 |
PR_Unlock(conn->c_mutex);
|
|
|
df9752 |
|
|
|
df9752 |
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
|
|
|
df9752 |
--
|
|
|
df9752 |
1.9.3
|
|
|
df9752 |
|