Software Bugs/7059
Notes: fixed in master; fixed in RE24
Date: Thu, 06 Oct 2011 21:46:22 +0000
From: hyc@openldap.org
To: openldap-its@OpenLDAP.org
Subject: UTF8StringNormalize will overrun a zero-length value

Full_Name: Howard Chu
Version: 2.4.x
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.94.188.8)
Submitted by: hyc

According to the commit history this bug has been present since 2003-04-07 (commit 67d6b23d). A patch is in git master, but I'm continuing to investigate and will update it further.

Date: Tue, 22 Nov 2011 14:30:04 -0800
From: Howard Chu <hyc@symas.com>
To: Howard Chu <openldap-its@OpenLDAP.org>
Subject: ITS#7059 UTF8StringNormalize issue

As Ralf Haferkamp noted, the real bug was introduced with postalAddressNormalize which was released in 2.4.10, so nothing earlier than that is affected. Also, this bug had no effect on most Linux installs because glibc malloc always allocates at least 16 bytes. The bug was only detected because I was running valgrind to check for leaks; there was no known crash related to this bug.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org