From: Pierangelo Masarati Date: Mon, 8 Aug 2005 19:49:48 +0000 (+0000) Subject: ITS#3914 bug was very close to that leak: rwm_dnattr_rewrite() already freed the... X-Git-Tag: OPENLDAP_AC_BP~45 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=64af435895fdfb765b3d2a36f63bba233c4562f0;p=openldap ITS#3914 bug was very close to that leak: rwm_dnattr_rewrite() already freed the original value (all this stuff may need work) --- diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c index 19c18add90..ebe9815438 100644 --- a/servers/slapd/overlays/rwm.c +++ b/servers/slapd/overlays/rwm.c @@ -368,7 +368,10 @@ rwm_op_compare( Operation *op, SlapReply *rs ) } if ( mapped_vals[ 0 ].bv_val != op->orc_ava->aa_value.bv_val ) { - ber_bvreplace_x( &op->orc_ava->aa_value, &mapped_vals[0], + /* NOTE: if we get here, rwm_dnattr_rewrite() + * already freed the old value, so now + * it's invalid */ + ber_dupbv_x( &op->orc_ava->aa_value, &mapped_vals[0], op->o_tmpmemctx ); ber_memfree_x( mapped_vals[ 0 ].bv_val, NULL ); }