Commit 38c92a11 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

LDAPworld P10: SLAPD Index corruption

parent 221db1f1
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h>
#include "slap.h" #include "slap.h"
#include "back-ldbm.h" #include "back-ldbm.h"
...@@ -130,25 +129,26 @@ index_read( ...@@ -130,25 +129,26 @@ index_read(
realval = val; realval = val;
tmpval = NULL; tmpval = NULL;
if ( prefix != '\0' ) { if ( prefix != '\0' ) {
int len; int len = strlen( val );
if ( (len = strlen( val )) < sizeof(buf) ) { if ( (len + 2) < sizeof(buf) ) {
buf[0] = prefix;
strcpy( &buf[1], val );
realval = buf; realval = buf;
} else { } else {
/* value + prefix + null */ /* value + prefix + null */
tmpval = (char *) ch_malloc( len + 2 ); tmpval = (char *) ch_malloc( len + 2 );
tmpval[0] = prefix;
strcat( &tmpval[1], val );
realval = tmpval; realval = tmpval;
} }
realval[0] = prefix;
strcpy( &realval[1], val );
} }
key.dptr = realval; key.dptr = realval;
key.dsize = strlen( realval ) + 1; key.dsize = strlen( realval ) + 1;
idl = idl_fetch( be, db, key ); idl = idl_fetch( be, db, key );
if ( tmpval != NULL ) {
free( tmpval );
}
ldbm_cache_close( be, db ); ldbm_cache_close( be, db );
...@@ -181,19 +181,17 @@ add_value( ...@@ -181,19 +181,17 @@ add_value(
tmpval = NULL; tmpval = NULL;
idl = NULL; idl = NULL;
if ( prefix != '\0' ) { if ( prefix != '\0' ) {
int len; int len = strlen( val );
if ( (len = strlen( val )) < sizeof(buf) ) { if ( (len + 2) < sizeof(buf) ) {
buf[0] = prefix;
strcpy( &buf[1], val );
realval = buf; realval = buf;
} else { } else {
/* value + prefix + null */ /* value + prefix + null */
tmpval = (char *) ch_malloc( len + 2 ); tmpval = (char *) ch_malloc( len + 2 );
tmpval[0] = prefix;
strcat( &tmpval[1], val );
realval = tmpval; realval = tmpval;
} }
realval[0] = prefix;
strcpy( &realval[1], val );
} }
key.dptr = realval; key.dptr = realval;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment