
Bug 630097 - (cov#11933) Fix NULL dereference in schema code

There is a possibility of dereferencing prevocp when it is NULL
the second time through the loop if the first pass was not a
standard objectclass definition and tmpocp != curlisthead.

I don't think that this issue is possible unless some other
thread was able to modify tmpocp->oc_next between where curlisthead
is set (schema.c:2654) and where nextocp is set (schema.c:2658) the
first time through the loop. That said, I see no harm in checking
if prevocp is NULL before attempting to dereference it.
Nathan Kinder 15 years ago
parent
commit
839e52c73e
1 changed files with 3 additions and 1 deletions

ldap/servers/slapd/schema.c

@@ -2653,7 +2653,9 @@ clean_up_and_return:
 				if ( tmpocp == curlisthead ) {
 					curlisthead = tmpocp->oc_next;
 				} else {
-					prevocp->oc_next = tmpocp->oc_next;
+					if (prevocp) {
+						prevocp->oc_next = tmpocp->oc_next;
+					}
 				}
 				nextocp = tmpocp->oc_next;
 				oc_free( &tmpocp );
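
Review bot: The new `if (prevocp)` guard in the else branch skips the unlink, but `oc_free( &tmpocp )` below it still runs, so when prevocp is NULL and tmpocp is not the list head the node is freed while its predecessor's oc_next still points at it. That trades a NULL dereference for a dangling pointer in the objectclass list, which a later traversal would follow. Consider treating the NULL case as an error path: log it and leave tmpocp in place (or break out of the loop) rather than freeing a node that could not be unlinked. If the only way to reach this state is a concurrent change to oc_next, as the commit message suggests, the missing piece is the lock around the list walk, and a comment at this check saying so would help the next reader. Minor style point: the surrounding code writes `if ( tmpocp == curlisthead )` with inner spaces, so the new condition could match that, or be folded into `} else if ( prevocp ) {`.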