[Date Prev][Date Next] [Chronological] [Thread] [Top]

Unprotected buffer in openldap-19981116

To: ldap <OpenLDAP-bugs@openldap.org>
Subject: Unprotected buffer in openldap-19981116
From: Jorg Pietschmann <pietsch@swissline.ch>
Date: Mon, 07 Dec 1998 23:07:15 +0100

There is an unprotected buffer in servers/slapd/configinfo.c
(config_info) which might overflow during the following loop:

	for ( i = 0; i < nbackends; i++ ) {
		strcpy( buf, backends[i].be_type );
		for ( j = 0; backends[i].be_suffix[j] != NULL; j++ ) {
			strcat( buf, " : " );
			strcat( buf, backends[i].be_suffix[j] );
		}
		val.bv_val = buf;
		val.bv_len = strlen( buf );
		attr_merge( e, "database", vals );
	}

If there backends with many and loooong suffixes...you know this
*will* happen. Beside this, due to the strcats the runtime is O(n^2).

Regards

J.Pietschmann

Prev by Date: make install error for SunOS 4.x
Next by Date: Re: possible undefined behaviour in openldap-19981116
Index(es):
- Chronological
- Thread