Леонид Юрьев wrote:
(2) But let's look at lines 570-575 of back-mdb/attr.c and lines 764-772 of slapd/ad.c:
- does the mdb-value include a NUL byte =
https://github.com/leo-yuriev/openldap-lmdb-challenge/blob/2.4-devel/servers...
- if "YES" then "+1" at slapd/ad.c:764 is wrong =
https://github.com/leo-yuriev/openldap-lmdb-challenge/blob/2.4-devel/servers...
- but if "NO" then "strcpy()" at slapd/ad.c:772 (and more) is wrong =
https://github.com/leo-yuriev/openldap-lmdb-challenge/blob/2.4-devel/servers...
And the answer is no, back-mdb/attr.c mdb_ad_get() doesn't store the trailing NUL byte,
diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c
index 246b900..fd60483 100644
--- a/servers/slapd/ad.c
+++ b/servers/slapd/ad.c
@@ -118,7 +118,7 @@ AttributeDescription * ad_find_tags( for (ad = type->sat_ad; ad; ad=ad->ad_next) { if (ad->ad_tags.bv_len == tags->bv_len &&
!strcasecmp(ad->ad_tags.bv_val, tags->bv_val))
}!strncasecmp( ad->ad_tags.bv_val, tags->bv_val, ad->ad_tags.bv_len )) break;
Unnecessary.
ldap_pvt_thread_mutex_unlock( &type->sat_ad_mutex );
@@ -742,14 +742,13 @@ int slap_bv2undef_ad( /* use the appropriate type */ if ( flags & SLAP_AD_PROXIED ) { at = slap_schema.si_at_proxied;
} else { at = slap_schema.si_at_undefined; }
for( desc = at->sat_ad; desc; desc=desc->ad_next ) { if( desc->ad_cname.bv_len == bv->bv_len &&
!strcasecmp( desc->ad_cname.bv_val, bv->bv_val ) )
!strncasecmp( desc->ad_cname.bv_val, bv->bv_val, desc->ad_cname.bv_len) )
Unnecessary. We've already checked that the two lengths are equal; even if bv->bv_val is non-terminated the compare will stop because desc->ad_cname is terminated.
{ break; }
@@ -769,7 +768,8 @@ int slap_bv2undef_ad(
desc->ad_cname.bv_len = bv->bv_len; desc->ad_cname.bv_val = (char *)(desc+1);
strcpy(desc->ad_cname.bv_val, bv->bv_val);
strncpy( desc->ad_cname.bv_val, bv->bv_val, desc->ad_cname.bv_len )
[desc->ad_cname.bv_len] = '\0';
This is a valid fix.
/* canonical to upper case */ ldap_pvt_str2upper( desc->ad_cname.bv_val );
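Review bot: The chained statement `strncpy( desc->ad_cname.bv_val, bv->bv_val, desc->ad_cname.bv_len )[desc->ad_cname.bv_len] = '\0';` hides the terminator write inside a subscript on strncpy's return value, which is easy to misread and easy to break in a later edit. Since the length is already known, I would write the bounded copy and the termination as two visible steps: `memcpy( desc->ad_cname.bv_val, bv->bv_val, bv->bv_len );` followed by `desc->ad_cname.bv_val[bv->bv_len] = '\0';`. The write at index bv_len is only in bounds if the allocation reserves bv_len + 1 bytes after the descriptor; that allocation is above this hunk (the thread refers to a "+1" at ad.c:764), so a short comment on the terminator line such as `/* allocation reserves bv_len + 1 bytes */` would keep the dependency visible. The same chained idiom appears in the slap_bv2tmp_ad hunk (@@ -806), where the `bv->bv_len + 1` allocation is visible. slap_bv2undef_ad's body starts and ends outside this hunk.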
@@ -806,9 +806,10 @@ slap_bv2tmp_ad( slap_sl_mfuncs.bmf_malloc( sizeof(AttributeDescription) + bv->bv_len + 1, memctx );
- ad->ad_cname.bv_val = (char *)(ad+1);
- strncpy( ad->ad_cname.bv_val, bv->bv_val, bv->bv_len+1 ); ad->ad_cname.bv_len = bv->bv_len;
- ad->ad_cname.bv_val = (char *)(ad+1);
- strncpy( ad->ad_cname.bv_val, bv->bv_val, ad->ad_cname.bv_len)
ad->ad_flags = SLAP_DESC_TEMPORARY; ad->ad_type = slap_schema.si_at_undefined;[ad->ad_cname.bv_len] = '\0';
Unnecessary.
@@ -887,7 +888,7 @@ an_find(
for ( ; a->an_name.bv_val; a++ ) { if ( a->an_name.bv_len != s->bv_len) continue;
if ( strcasecmp( s->bv_val, a->an_name.bv_val ) == 0 ) {
} }if ( strncasecmp( s->bv_val, a->an_name.bv_val, s->bv_len ) == 0 ) { return( 1 );
Unnecessary.