https://bugs.openldap.org/show_bug.cgi?id=10452
Issue ID: 10452
Summary: Potential NULL dereference in slap_acl_mask()
Product: OpenLDAP
Version: 2.6.8
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I've noticed potentially inconsistent NULL checks for the op->o_conn field in
function slap_acl_mask (source file openldap-2.6.8/servers/slapd/acl.c).
At first, op->o_conn is explicitly checked for NULL:
    if ( op->o_conn && !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
        ndn = op->o_conn->c_ndn;
    } else {
        ndn = op->o_ndn;
    }
This suggests that op->o_conn may indeed be NULL in some scenarios.
However, right after that in the same function there are several unconditional
dereferences of op->o_conn without a preceding NULL check, for example:
    if ( !op->o_conn->c_listener ) {
        continue;
    }
    if ( !op->o_conn->c_peer_domain.bv_val ) {
        continue;
    }
    if ( !op->o_conn->c_peer_name.bv_val ) {
        continue;
    }
Could you please clarify whether op->o_conn is guaranteed to be non-NULL
for all possible paths reaching these code sections?
If op->o_conn can indeed be NULL here, these dereferences may lead to
a NULL pointer dereference and would require additional checks.
If op->o_conn is guaranteed to be non-NULL by design, please confirm this (it
would also be useful to document this assumption explicitly).
Thank you.
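A stand-alone C model of the pattern raised in the report, added here as an illustration; it is not code from OpenLDAP or from the reporter. The struct definitions, the `Clause` type, `first_match` and the sample data are simplified assumptions, and the sketch only shows how connection-dependent clauses behave if `o_conn` is treated as possibly NULL throughout, which is the open question of this issue.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for slapd's types (assumptions, not the real definitions). */
struct berval { size_t bv_len; char *bv_val; };
typedef struct { struct berval c_ndn, c_peer_name; } Connection;
typedef struct { Connection *o_conn; struct berval o_ndn; } Operation;
/* Hypothetical access clause: a NULL pattern means "this clause does not test it". */
typedef struct { const char *dn_pat, *peername_pat; } Clause;

/* Index of the first clause that matches op, or -1. */
int first_match(const Operation *op, const Clause *acl, int n)
{
    /* Same fallback as the first snippet in the report. */
    const struct berval *ndn = (op->o_conn && op->o_conn->c_ndn.bv_val)
                                   ? &op->o_conn->c_ndn : &op->o_ndn;
    for (int i = 0; i < n; i++) {
        if (acl[i].dn_pat &&
            (!ndn->bv_val || strcmp(ndn->bv_val, acl[i].dn_pat) != 0))
            continue;
        if (acl[i].peername_pat) {
            /* Guard added in this sketch: without a connection the clause cannot match. */
            if (!op->o_conn || !op->o_conn->c_peer_name.bv_val)
                continue;
            if (strcmp(op->o_conn->c_peer_name.bv_val, acl[i].peername_pat) != 0)
                continue;
        }
        return i;
    }
    return -1;
}

/* Constructed sample data. */
static char admin_dn[] = "cn=admin,dc=example,dc=com";
static char peer[] = "IP=192.0.2.10:50000";
static const Clause acl[] = {
    { NULL, "IP=192.0.2.10:50000" },       /* clause 0: peer name only */
    { "cn=admin,dc=example,dc=com", NULL } /* clause 1: DN only */
};

int demo_no_conn(void)   /* o_conn == NULL: clause 0 is skipped, clause 1 matches */
{
    Operation op = { NULL, { sizeof admin_dn - 1, admin_dn } };
    return first_match(&op, acl, 2);
}

int demo_with_conn(void) /* peer name set, no bound DN on the connection: clause 0 matches */
{
    Connection c = { { 0, NULL }, { sizeof peer - 1, peer } };
    Operation op = { &c, { sizeof admin_dn - 1, admin_dn } };
    return first_match(&op, acl, 2);
}
```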