ldap/servers/slapd/back-ldbm/ldbm_search.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 722117e12de543a3a66695e795e32f55435779ec
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Jul 14 10:47:52 2014 -0400
Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the
server
Bug Description: If an internal search uses OP_FLAG_REVERSE_CANDIDATE_ORDER, and
the search fails tro find any candidates the server will crash.
Fix Description: Make sure we do not dereference a NULL sr_candidates pointer in
ldbm_search().
https://fedorahosted.org/389/ticket/47858
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit e6cee31aa2beb6496df86490776f1f93d3a8348b)
(cherry picked from commit da318fa5f147e229069b13c0479fdf81ccc28213)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c
b/ldap/servers/slapd/back-ldbm/ldbm_search.c
index 6dff1f5..f1375a5 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
@@ -1450,7 +1450,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension
)
* search can enter this function multiple times, we need to keep track
* of our state, and only initialize sr_current once.
*/
- if(!op->o_reverse_search_state){
+ if(!op->o_reverse_search_state && sr->sr_candidates){
sr->sr_current = sr->sr_candidates->b_nids;
op->o_reverse_search_state = REV_STARTED;
}