<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/ticket/603">https://fedorahosted.org/389/ticket/603</a><br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/attachment/ticket/603/0001-Ticket-603-A-logic-error-in-str2simple.patch">https://fedorahosted.org/389/attachment/ticket/603/0001-Ticket-603-A-logic-error-in-str2simple.patch</a><br>
<br>
<p>
Fix description: str2simple sets the strdup'ed type this way:<br>
</p>
<blockquote>
<p>
if ( f->f_choice == LDAP_FILTER_PRESENT ) {<br>
</p>
<blockquote>
<p>
f->f_type = slapi_ch_strdup( str );<br>
</p>
</blockquote>
<p>
} else if ( unescape_filter ) {<br>
</p>
<blockquote>
<p>
f->f_avtype = slapi_ch_strdup( str );<br>
</p>
</blockquote>
<p>
} if ( !unescape_filter ) { <br>
</p>
<blockquote>
<p>
f->f_avtype = slapi_ch_strdup( str );<br>
</p>
</blockquote>
<p>
} <br>
</p>
</blockquote>
<p>
If f_choice is LDAP_FILTER_PRESENT and !unescape_filter is<br>
true, the first strdup'ed string is leaked since f_type<br>
and f_avtype share the same memory. But currently, str2simple<br>
is not called with (unescape_filter == 0). Thus there is no<br>
chance to satisfy the condition. This patch fixes the flaw.</p>
<br>
</div>
</body>
</html>