[email protected] wrote:
> Full_Name: Stef Walter
> Version: 2.4.35
> OS: Fedora 18
> URL: http://fedorapeople.org/~stefw/patches/openldap-01/0001-Fix-usage-of-uninitialized-memory-when-sending-cldap.patch
> Submission from: (NULL) (77.3.95.123)
>
>
> When sending a cldap (UDP) packet, like a search request, uninitialized memory
> is accessed. This shows up in valgrind like this:
>
> ==31445== Conditional jump or move depends on uninitialised value(s)
> ==31445==    at 0x36632244E6: ldap_send_server_request (request.c:377)
> ==31445==    by 0x36632247C2: ldap_send_initial_request (request.c:166)
> ==31445==    by 0x36632142F8: ldap_pvt_search (search.c:128)
> ==31445==    by 0x366321454F: ldap_search_ext (search.c:69)
> ==31445==    by 0x400838: main (in /data/projects/openldap/frob-cldap-search)
> ==31445==
>
> This is due to parsing the resulting packet to pull out a requestDN. UDP packets
> have different BER layout, and therefore the assumptions made when parsing the
> outgoing request are invalid.
>
> It does not seem necessary to track the request DN for UDP packets. The linked
> patch disables this code path for UDP packets.
>
> Patch which fixes the issue:
> http://fedorapeople.org/~stefw/patches/openldap-01/0001-Fix-usage-of-uninitialized-memory-when-sending-cldap.patch
>
> Test code for the issue:
> http://fedorapeople.org/~stefw/patches/openldap-01/frob-cldap-search.c
>
> Note that the test code doesn't detect the issue on its own (or do anything
> useful). Use valgrind to detect the issue:
>
> $ gcc -o frob-cldap-search -Wall -lldap -llber frob-cldap-search.c
> $ valgrind ./frob-cldap-search
Your patch doesn't fix the issue. The behavior under valgrind is unchanged
either way. Seems you're missing a '!' in your test.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
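To make the layout mismatch in the report concrete, here is an added Python example. It is not part of this thread and not OpenLDAP code: it encodes one search request in the LDAPv3 framing of RFC 4511 (SEQUENCE { messageID, protocolOp }) and in the CLDAP framing of RFC 1798 (SEQUENCE { messageID, user LDAPDN, protocolOp }), then runs a DN extractor that assumes the LDAPv3 layout over both. The extractor is a simplified model of the parse the valgrind trace points at, not a copy of request.c, and the only layout difference modelled is the RFC 1798 `user` field; any further bookkeeping OpenLDAP keeps in its outgoing BerElement for UDP is not represented. The function names, the scope and filter values, the sample DN and the `connectionless` flag are this example's own assumptions; `request_dn` only mirrors the idea of skipping the extraction for UDP, not the actual patch.

```python
"""Added example: LDAPv3 vs CLDAP (RFC 1798) message framing and a DN extractor
that assumes the LDAPv3 layout.  Illustrative code, not OpenLDAP's."""

# BER tags used below (universal and LDAP application tags)
SEQUENCE = 0x30
INTEGER = 0x02
ENUMERATED = 0x0A
BOOLEAN = 0x01
OCTET_STRING = 0x04
APPLICATION_3 = 0x63   # [APPLICATION 3] constructed: SearchRequest
FILTER_PRESENT = 0x87  # [7] primitive: present filter, e.g. (objectClass=*)


def ber_len(n):
    """Definite-form BER length octets."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(tag, v):
    """Non-negative INTEGER/ENUMERATED, zero-padded so the sign bit is clear."""
    return tlv(tag, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))


def search_request(base_dn, scope=0, attr="objectClass"):
    """[APPLICATION 3] SearchRequest with a (attr=*) filter and no attributes."""
    body = (tlv(OCTET_STRING, base_dn.encode())   # baseObject
            + ber_int(ENUMERATED, scope)          # scope: baseObject by default
            + ber_int(ENUMERATED, 0)              # derefAliases: neverDerefAliases
            + ber_int(INTEGER, 0)                 # sizeLimit
            + ber_int(INTEGER, 0)                 # timeLimit
            + tlv(BOOLEAN, b"\x00")               # typesOnly: FALSE
            + tlv(FILTER_PRESENT, attr.encode())  # filter: (attr=*)
            + tlv(SEQUENCE, b""))                 # attributes: none
    return tlv(APPLICATION_3, body)


def ldap_message(msgid, op):
    """RFC 4511 LDAPMessage: SEQUENCE { messageID, protocolOp }"""
    return tlv(SEQUENCE, ber_int(INTEGER, msgid) + op)


def cldap_message(msgid, user_dn, op):
    """RFC 1798 CLDAPMessage: SEQUENCE { messageID, user LDAPDN, protocolOp }"""
    return tlv(SEQUENCE, ber_int(INTEGER, msgid)
               + tlv(OCTET_STRING, user_dn.encode()) + op)


def read_tlv(buf, pos):
    """Decode one tag and length at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    pos += 1
    n = buf[pos]
    pos += 1
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, pos, pos + n


def request_dn_assuming_ldap(msg):
    """Extract the baseObject DN assuming the LDAPv3 layout.

    Returns (True, dn) when the layout matched, or (False, tag) with the tag
    actually found where the next element was expected.  On a CLDAP message
    the tag after messageID is the OCTET STRING of the user field, not the
    [APPLICATION 3] SearchRequest, so the assumption fails right there.
    """
    tag, p, _ = read_tlv(msg, 0)
    if tag != SEQUENCE:
        return False, tag
    tag, p, q = read_tlv(msg, p)          # messageID
    if tag != INTEGER:
        return False, tag
    tag, p, q = read_tlv(msg, q)          # expected: SearchRequest
    if tag != APPLICATION_3:
        return False, tag
    tag, p, q = read_tlv(msg, p)          # baseObject inside the SearchRequest
    if tag != OCTET_STRING:
        return False, tag
    return True, msg[p:q].decode()


def request_dn(msg, connectionless):
    """Hypothetical wrapper mirroring the report's remedy: for UDP, do not try to
    track a request DN at all; for TCP, parse as LDAPv3 and return None on mismatch."""
    if connectionless:
        return None
    ok, value = request_dn_assuming_ldap(msg)
    return value if ok else None


if __name__ == "__main__":
    # Constructed sample request, not traffic captured from anywhere.
    op = search_request("dc=example,dc=com")
    tcp = ldap_message(1, op)
    udp = cldap_message(1, "", op)   # empty user DN, as an anonymous CLDAP client
    print("LDAPv3 framing:", request_dn_assuming_ldap(tcp))
    print("CLDAP  framing:", request_dn_assuming_ldap(udp))
    print("UDP, extraction skipped:", request_dn(udp, True))
```

Running it shows the extractor returning the base DN for the LDAPv3-framed message and `(False, 4)` for the CLDAP-framed one: the first element after messageID is the `user` OCTET STRING (tag 0x04), so a parser written for the LDAPv3 layout is already reading the wrong field. Whatever the real code does after such a mismatch, any DN pointer it was supposed to fill stays unset, which is the kind of path valgrind then reports as a use of uninitialised memory; skipping the extraction for connectionless sessions sidesteps it.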
