LDAPworld P10: SLAPD Index corruption

38c92a11 · Kurt Zeilenga · 221db1f1 · 38c92a11
Commit 38c92a11 authored Aug 09, 1998 by Kurt Zeilenga
--- a/servers/slapd/back-ldbm/index.c
+++ b/servers/slapd/back-ldbm/index.c
@@ -3,7 +3,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
-#include <sys/socket.h>
 #include "slap.h"
 #include "back-ldbm.h"
@@ -130,25 +129,26 @@ index_read(
 	realval = val;
 	tmpval = NULL;
 	if ( prefix != '\0' ) {
-		int	len;
+              int     len = strlen( val );
-		if ( (len = strlen( val )) < sizeof(buf) ) {
+              if ( (len + 2) < sizeof(buf) ) {
-			buf[0] = prefix;
-			strcpy( &buf[1], val );
 			realval = buf;
 		} else {
 			/* value + prefix + null */
 			tmpval = (char *) ch_malloc( len + 2 );
-			tmpval[0] = prefix;
-			strcat( &tmpval[1], val );
 			realval = tmpval;
 		}
+              realval[0] = prefix;
+              strcpy( &realval[1], val );
 	}
 	key.dptr = realval;
 	key.dsize = strlen( realval ) + 1;
 	idl = idl_fetch( be, db, key );
+      if ( tmpval != NULL ) {
+              free( tmpval );
+      }
 	ldbm_cache_close( be, db );
@@ -181,19 +181,17 @@ add_value(
 	tmpval = NULL;
 	idl = NULL;
 	if ( prefix != '\0' ) {
-		int	len;
+              int     len = strlen( val );
-		if ( (len = strlen( val )) < sizeof(buf) ) {
+              if ( (len + 2) < sizeof(buf) ) {
-			buf[0] = prefix;
-			strcpy( &buf[1], val );
 			realval = buf;
 		} else {
 			/* value + prefix + null */
 			tmpval = (char *) ch_malloc( len + 2 );
-			tmpval[0] = prefix;
-			strcat( &tmpval[1], val );
 			realval = tmpval;
 		}
+              realval[0] = prefix;
+              strcpy( &realval[1], val );
 	}
 	key.dptr = realval;