https://bugs.openldap.org/show_bug.cgi?id=9904
Issue ID: 9904
Summary: A Potential NPD
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: 1157401338@qq.com
Target Milestone: ---

Created attachment 911
  --> https://bugs.openldap.org/attachment.cgi?id=911&action=edit
diagram of NPD
Hi, I found an NPD bug in the project source code of ldap, and I have shown the execution sequence of the program that may have generated the bug on a diagram, which is added to the attachment. The red text illustrates the steps that created the bug, the red arrows represent the call relationships, and the file path can be seen in the blue framed section.
Additionally, at step 4 I do not expand in more detail on why function ber_memalloc_x can return null (actually it can be seen as function malloc, and the reason ber_memalloc_x returns null is the same as with malloc), because there are many code snippets in the project source code that check whether ber_memalloc_x returns null and do further processing if the return value equals null.
I look forward to your reply and thank you very much for your patience!
Howard Chu hyc@openldap.org changed:
What       |Removed     |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED |RESOLVED
Resolution |---         |TEST
--- Comment #1 from Howard Chu hyc@openldap.org ---
Thanks for the report. An image file was not necessary for explaining the issue. Fixed in master.
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed           |Added
----------------------------------------------------------------------------
Target Milestone |---               |2.5.14
Assignee         |bugs@openldap.org |hyc@openldap.org
Keywords         |needs_review      |
--- Comment #2 from 1157401338@qq.com ---
Thank you for your effort.
A similar potential NPD bug can be found in master/libraries/libldap/url.c, in the definition of function "ldap_url_parsehosts":
step 1: use strdup
step 2: assign the return value to field ludp->lud_host at line 1399
step 3: dereference field ludp->lud_host in a call at line 1432
The code can be found at this URL (https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/u...)
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
head:
• ea8dd2d2 by Howard Chu at 2022-08-24T14:40:51+01:00 ITS#9904 ldif_open_url: check for ber_strdup failure
RE26:
• c5c8c06a by Howard Chu at 2022-08-24T18:22:42+00:00 ITS#9904 ldif_open_url: check for ber_strdup failure
RE25:
• 752d320c by Howard Chu at 2022-08-24T18:23:50+00:00 ITS#9904 ldif_open_url: check for ber_strdup failure
--- Comment #4 from Howard Chu hyc@openldap.org ---
(In reply to 1157401338 from comment #2)
> Thank you for your effort.
> A similar potential NPD bug can be found in master/libraries/libldap/url.c, in the definition of function "ldap_url_parsehosts"
Thanks, fixed in master. Note that this function is obsolete and the only thing that uses it was deprecated long ago.
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org ---
head:
• 3f2abd0b by Howard Chu at 2022-08-25T17:01:13+01:00 ITS#9904 ldap_url_parsehosts: check for strdup failure
RE26:
• 840944e2 by Howard Chu at 2022-08-29T16:38:51+00:00 ITS#9904 ldap_url_parsehosts: check for strdup failure
RE25:
• 6563fab9 by Howard Chu at 2022-08-29T16:39:49+00:00 ITS#9904 ldap_url_parsehosts: check for strdup failure
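The three-step pattern from comment #2 (duplicate a string, store it in a field, dereference the field) beside a form that checks the duplication result first, as an added example that is not OpenLDAP's code or the committed fix. The names `url_desc`, `dup_fn`, `dup_ok`, `dup_fail`, `parse_host_unchecked` and `parse_host_checked` are hypothetical, and the host string is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical descriptor for illustration; not OpenLDAP's LDAPURLDesc. */
struct url_desc { char *host; int port; };

/* Duplication hook (assumption) so allocation failure can be simulated. */
typedef char *(*dup_fn)(const char *);

char *dup_ok(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

char *dup_fail(const char *s) { (void)s; return NULL; } /* simulated OOM */

/* Unchecked pattern from the report: a NULL from dup() reaches strchr(). */
int parse_host_unchecked(struct url_desc *ud, const char *spec, dup_fn dup)
{
    ud->host = dup(spec);                      /* steps 1 and 2 */
    char *colon = strchr(ud->host, ':');       /* step 3: NULL dereference on failure */
    ud->port = colon ? atoi(colon + 1) : 0;
    if (colon) *colon = '\0';
    return 0;
}

/* Checked form: report the failure before the field is ever used. */
int parse_host_checked(struct url_desc *ud, const char *spec, dup_fn dup)
{
    ud->port = 0;
    ud->host = dup(spec);
    if (ud->host == NULL)
        return -1;
    char *colon = strchr(ud->host, ':');
    if (colon) {
        ud->port = atoi(colon + 1);
        *colon = '\0';
    }
    return 0;
}

int main(void)
{
    struct url_desc ud;
    /* "ldap.example.com:389" is a constructed sample host spec. */
    return parse_host_checked(&ud, "ldap.example.com:389", dup_fail) == -1 ? 0 : 1;
}
```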
Quanah Gibson-Mount quanah@openldap.org changed:
What       |Removed  |Added
----------------------------------------------------------------------------
Resolution |TEST     |FIXED
Status     |RESOLVED |VERIFIED