fix pagedResults dangling pointer in parsing cookie (ITS#3089)

This commit is contained in:
Pierangelo Masarati 2004-06-21 17:49:03 +00:00
parent 52e8543b7b
commit 5ff789e379

View File

@ -843,10 +843,11 @@ static int parsePagedResults (
SlapReply *rs, SlapReply *rs,
LDAPControl *ctrl ) LDAPControl *ctrl )
{ {
ber_tag_t tag; int rc = LDAP_SUCCESS;
ber_int_t size; ber_tag_t tag;
BerElement *ber; ber_int_t size;
struct berval cookie = BER_BVNULL; BerElement *ber;
struct berval cookie = BER_BVNULL;
if ( op->o_pagedresults != SLAP_NO_CONTROL ) { if ( op->o_pagedresults != SLAP_NO_CONTROL ) {
rs->sr_text = "paged results control specified multiple times"; rs->sr_text = "paged results control specified multiple times";
@ -878,16 +879,17 @@ static int parsePagedResults (
} }
tag = ber_scanf( ber, "{im}", &size, &cookie ); tag = ber_scanf( ber, "{im}", &size, &cookie );
(void) ber_free( ber, 1 );
if( tag == LBER_ERROR ) { if( tag == LBER_ERROR ) {
rs->sr_text = "paged results control could not be decoded"; rs->sr_text = "paged results control could not be decoded";
return LDAP_PROTOCOL_ERROR; rc = LDAP_PROTOCOL_ERROR;
goto done;
} }
if( size < 0 ) { if( size < 0 ) {
rs->sr_text = "paged results control size invalid"; rs->sr_text = "paged results control size invalid";
return LDAP_PROTOCOL_ERROR; rc = LDAP_PROTOCOL_ERROR;
goto done;
} }
if( cookie.bv_len ) { if( cookie.bv_len ) {
@ -895,7 +897,8 @@ static int parsePagedResults (
if( cookie.bv_len != sizeof( reqcookie ) ) { if( cookie.bv_len != sizeof( reqcookie ) ) {
/* bad cookie */ /* bad cookie */
rs->sr_text = "paged results cookie is invalid"; rs->sr_text = "paged results cookie is invalid";
return LDAP_PROTOCOL_ERROR; rc = LDAP_PROTOCOL_ERROR;
goto done;
} }
AC_MEMCPY( &reqcookie, cookie.bv_val, sizeof( reqcookie )); AC_MEMCPY( &reqcookie, cookie.bv_val, sizeof( reqcookie ));
@ -903,11 +906,13 @@ static int parsePagedResults (
if ( reqcookie > op->o_pagedresults_state.ps_cookie ) { if ( reqcookie > op->o_pagedresults_state.ps_cookie ) {
/* bad cookie */ /* bad cookie */
rs->sr_text = "paged results cookie is invalid"; rs->sr_text = "paged results cookie is invalid";
return LDAP_PROTOCOL_ERROR; rc = LDAP_PROTOCOL_ERROR;
goto done;
} else if ( reqcookie < op->o_pagedresults_state.ps_cookie ) { } else if ( reqcookie < op->o_pagedresults_state.ps_cookie ) {
rs->sr_text = "paged results cookie is invalid or old"; rs->sr_text = "paged results cookie is invalid or old";
return LDAP_UNWILLING_TO_PERFORM; rc = LDAP_UNWILLING_TO_PERFORM;
goto done;
} }
} else { } else {
@ -937,7 +942,9 @@ static int parsePagedResults (
op->o_pagedresults = SLAP_NONCRITICAL_CONTROL; op->o_pagedresults = SLAP_NONCRITICAL_CONTROL;
} }
return LDAP_SUCCESS; done:;
(void)ber_free( ber, 1 );
return rc;
} }
static int parseAssert ( static int parseAssert (