[Date Prev][Date Next] [Chronological] [Thread] [Top]

acl.c: string_expand() maybe wrong check for space in buffer (ITS#1963)

To: openldap-its@OpenLDAP.org
Subject: acl.c: string_expand() maybe wrong check for space in buffer (ITS#1963)
From: rhafer@suse.de
Date: Wed, 17 Jul 2002 12:06:24 GMT

Full_Name: Ralf Haferkamp
Version: 2.0.23
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.95.15.201)


servers/slapd/acl.c line 1536:

    for ( ; size < 512 && i < l; size++, i++ ) {
        *dp++ = match[i];
        size++;
    }

It tests for size < 512, but dp (newbuf) could be smaller than that.

I think checking for size < bufsize would be the right thing. Similar does it
the code in HEAD (just with a struct berval).

Prev by Date: Re: Harmless buffer overflow in servers/slapd/lock.c (ITS#1964)
Next by Date: Re: FW: is the ssl3_send_alert() function public ( part of the API )? (ITS#1954)
Index(es):
- Chronological
- Thread