https://bugs.openldap.org/show_bug.cgi?id=10317
Issue ID: 10317 Summary: Potential null-pointer-dereference Product: OpenLDAP Version: 2.5.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: 1367173408@qq.com Target Milestone: ---
Created attachment 1055 --> https://bugs.openldap.org/attachment.cgi?id=1055&action=edit execution trace
Hi, I have found a potential null pointer dereference bug in the project and would like to report it to the maintainers.
At line 836 in file `servers/slapd/backglue.c`, the function `glue_tool_inst` may return NULL.
Then, at line 765 in the same file, the pointer `on` receives the return value, which may be NULL. But `on` is dereferenced at line 766 without checking, which may lead to a null-pointer-dereference bug.
https://bugs.openldap.org/show_bug.cgi?id=10317
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID
--- Comment #1 from Howard Chu hyc@openldap.org --- (In reply to 1367173408 from comment #0)
Created attachment 1055 [details] execution trace
Hi, I have found a potential null pointer dereference bug in the project and would like to report it to the maintainers.
At line 836 in file `servers/slapd/backglue.c`, the function `glue_tool_inst` may return NULL.
No, that never happens. This function looks for the instance of backglue on the overlay stack. This function would never be invoked if there was no instance.
Then, at line 765 in the same file, the pointer `on` receives the return value, which may be NULL. But `on` is dereferenced at line 766 without checking, which may lead to a null-pointer-dereference bug.
https://bugs.openldap.org/show_bug.cgi?id=10317
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org