From aa6561d02969ce1db1a50da2b8af8679f6aeca69 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi
Date: Fri, 5 Jun 2015 10:13:17 -0700
Subject: [PATCH 71/72] Ticket #48192 - Individual abandoned simple paged results request has no chance to be cleaned up

Description: Checking the cookie value passed by the client was not sufficient. The negative value check was missing, which lead to the simple paged results array out of bounds. Plus, a minor memory leak was fixed. Thanks to Thierry Bordaz for his reviews! https://fedorahosted.org/389/ticket/48192
(cherry picked from commit 298371d372678cf553594ae73ae57a6ea35358bf)
(cherry picked from commit 7718eb6a6714d1a284c3c706e621a7eb0ca5655a)
---
 ldap/servers/slapd/pagedresults.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index 402dd10..2e70e19 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -177,14 +177,14 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
 memcpy(ptr, cookie.bv_val, cookie.bv_len);
 *(ptr+cookie.bv_len) = '\0';
 *index = strtol(ptr, NULL, 10);
- if (conn->c_pagedresults.prl_maxlen <= *index) {
+ slapi_ch_free_string(&ptr);
+ if ((conn->c_pagedresults.prl_maxlen <= *index) || (*index < 0)){
 rc = LDAP_PROTOCOL_ERROR;
 LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index);
 goto bail;
 }
- slapi_ch_free_string(&ptr);
 prp = conn->c_pagedresults.prl_list + *index;
 if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
 conn->c_pagedresults.prl_count++;
--
1.9.3
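Review bot: The cookie is still converted with `strtol(ptr, NULL, 10)` and assigned straight to `*index`, so the widened range test only sees the value after conversion. A cookie with no leading digits converts to 0 and is accepted as slot 0, and if `*index` is an `int` (the `%d` in the log call suggests so) a value beyond the int range is narrowed before it is compared with `prl_maxlen`. Converting into a `long` with an end pointer and rejecting empty, trailing-garbage and out-of-range input before narrowing closes that gap; the end pointer must be read before `slapi_ch_free_string(&ptr)` now that the free comes first. The sketch below leaves -1 in `*index` on rejection, which is an assumption about callers: pagedresults_parse_control_value starts and ends outside the hunk.

```c
/* … unchanged: ptr allocation, memcpy and NUL termination … */
{
    char *endp = NULL;
    long cookie_idx = strtol(ptr, &endp, 10);
    /* endp points into ptr: evaluate it before ptr is released */
    int bad_cookie = (endp == ptr) || (*endp != '\0') ||
                     (cookie_idx < 0) ||
                     (cookie_idx >= conn->c_pagedresults.prl_maxlen);

    slapi_ch_free_string(&ptr);
    *index = bad_cookie ? -1 : (int)cookie_idx;
}
if (*index < 0) {
    rc = LDAP_PROTOCOL_ERROR;
    /* … unchanged: LDAPDebug1Arg call, goto bail … */
}
```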