slurpd -r buffer overflow (ITS#722)



Full_Name: Jarno Huuskonen
Version: 2.0.1
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.167.224.11)


slurpd doesn't check -r command line parameter length before using strcpy -->
buffer overflow

Here's a quick patch:
--- args.c-orig Sun Sep 10 13:56:09 2000
+++ args.c      Sun Sep 10 13:58:03 2000
@@ -106,7 +106,8 @@
            g->slapd_configfile = strdup( optarg );
            break;
        case 'r':       /* slapd replog file */
-           strcpy( g->slapd_replogfile, optarg );
+               strncpy( g->slapd_replogfile, optarg, MAXPATHLEN-1);
+               g->slapd_replogfile[MAXPATHLEN-1] = '\0';
            rflag++;
            break;
        case 't':       /* dir to use for our copies of replogs */
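Review bot: in the 'r' case, strncpy with MAXPATHLEN-1 silently truncates an over-long -r argument, so slurpd would carry on with a replog path different from the one given on the command line; it would be better to compare strlen( optarg ) against the buffer size and reject the argument with an error before copying. The bound is also only correct if g->slapd_replogfile holds at least MAXPATHLEN bytes, which these lines do not show; if it is declared as an array, sizeof( g->slapd_replogfile ) ties the limit to the actual buffer. As a style point, the two added lines are indented deeper than the rflag++ and break lines around them.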