lists.arthurdejong.org
RSS feed

[PATCH] Allocate ldap_conncb on heap

[Date Prev][Date Next] [Thread Prev][Thread Next]

[PATCH] Allocate ldap_conncb on heap



ldap_set_option does not do a deep-copy of the "invalue" parameter,
it just copies the pointer when LDAP_OPT_CONNECT_CB is used.  But the
"struct ldap_conncb" variable was allocated on the stack which resulted
in openldap's ll_data pointer to point to garbage and nslcd crashed.

The attached patch allocates struct ldap_conncb on the heap as a struct
ldap_session member.
>From 03b1effeedb7a70e2ade528a06869ae13365ab85 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 26 Aug 2011 16:37:09 +0200
Subject: [PATCH] Allocate ldap_conncb on heap

---
 nslcd/myldap.c |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 4ed9ae2..d16f519 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -97,6 +97,9 @@ struct ldap_session
   int current_uri;
   /* a list of searches registered with this session */
   struct myldap_search *searches[MAX_SEARCHES_IN_SESSION];
+#ifdef LDAP_OPT_CONNECT_CB
+  struct ldap_conncb *cb;
+#endif /* LDAP_OPT_CONNECT_CB */
 };
 
 /* A search description set as returned by myldap_search(). */
@@ -276,6 +279,9 @@ static MYLDAP_SESSION *myldap_session_new(void)
   session->bindpw[0]='\0';
   session->lastactivity=0;
   session->current_uri=0;
+#ifdef LDAP_OPT_CONNECT_CB
+  session->cb = NULL;
+#endif /* LDAP_OPT_CONNECT_CB */
   for (i=0;i<MAX_SEARCHES_IN_SESSION;i++)
     session->searches[i]=NULL;
   /* return the new session */
@@ -537,9 +543,6 @@ static int do_set_options(MYLDAP_SESSION *session)
   /* FIXME: move this to a global initialisation routine */
   int rc;
   struct timeval tv;
-#ifdef LDAP_OPT_CONNECT_CB
-  struct ldap_conncb cb;
-#endif /* LDAP_OPT_CONNECT_CB */
 #ifdef LDAP_OPT_X_TLS
   int i;
 #endif /* LDAP_OPT_X_TLS */
@@ -588,10 +591,12 @@ static int do_set_options(MYLDAP_SESSION *session)
   
LDAP_SET_OPTION(session->ld,LDAP_OPT_RESTART,nslcd_cfg->ldc_restart?LDAP_OPT_ON:LDAP_OPT_OFF);
 #ifdef LDAP_OPT_CONNECT_CB
   /* register a connection callback */
-  cb.lc_add=connect_cb;
-  cb.lc_del=disconnect_cb;
-  cb.lc_arg=NULL;
-  LDAP_SET_OPTION(session->ld,LDAP_OPT_CONNECT_CB,(void *)&cb);
+  session->cb = malloc(sizeof(struct ldap_conncb));
+  if (!session->cb) return LDAP_NO_MEMORY;
+  session->cb->lc_add=connect_cb;
+  session->cb->lc_del=disconnect_cb;
+  session->cb->lc_arg=NULL;
+  LDAP_SET_OPTION(session->ld,LDAP_OPT_CONNECT_CB,(void *)session->cb);
 #endif /* LDAP_OPT_CONNECT_CB */
 #ifdef LDAP_OPT_X_TLS
   /* if SSL is desired, then enable it */
@@ -853,6 +858,7 @@ void myldap_session_close(MYLDAP_SESSION *session)
   /* close any open connections */
   do_close(session);
   /* free allocated memory */
+  free(session->cb);
   free(session);
 }
 
-- 
1.7.6

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users