
Invalid memory access in ber_get_stringa (ITS#1273)



Full_Name: Hannes Reinecke
Version: 2.0.11
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.141.156.248)


It is possible to get an invalid memory access in ber_get_stringa():
If the datalen as returned from ber_skip_tag equals 0, the buffer buf* is
not initialised properly, and ber_read tries to access an invalid buffer as per
memmove. This is probably not actually harmful, since it then tries to move 0
bytes, but one should watch out for this.

A simple patch would be to insert

if (datalen == 0) {
	*buf = NULL;
	return LBER_DEFAULT;
}

after line 290 in libraries/liblber/decode.c

Thanks in advance
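
A stand-alone model of the zero-length guard proposed in the report above, added here as an example; it is not liblber code and not part of the original submission. The names toy_ber, toy_skip_tag, toy_get_stringa and TOY_ERROR are hypothetical, the inputs are constructed, and only short-form lengths are modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_ERROR (-1)   /* hypothetical error value, standing in for LBER_DEFAULT */

/* Hypothetical reader state: a cursor over the encoded input. */
struct toy_ber { const unsigned char *ptr, *end; };

/* Read an OCTET STRING header (tag 0x04, short-form length only). */
static int toy_skip_tag(struct toy_ber *b, size_t *len)
{
    if (b->end - b->ptr < 2 || b->ptr[0] != 0x04 || (b->ptr[1] & 0x80))
        return TOY_ERROR;
    *len = b->ptr[1];
    b->ptr += 2;
    return 0;
}

/* Decode into a newly allocated, NUL-terminated string; 0 on success. */
int toy_get_stringa(struct toy_ber *b, char **buf)
{
    size_t len;
    *buf = NULL;                        /* out-pointer is defined on every path */
    if (toy_skip_tag(b, &len) != 0)
        return TOY_ERROR;
    if (len == 0)                       /* the guard proposed in the report */
        return TOY_ERROR;
    if ((size_t)(b->end - b->ptr) < len)   /* length claims more than is present */
        return TOY_ERROR;
    if ((*buf = malloc(len + 1)) == NULL)
        return TOY_ERROR;
    memcpy(*buf, b->ptr, len);
    (*buf)[len] = '\0';
    b->ptr += len;
    return 0;
}

int main(void)
{
    /* Constructed inputs: an empty OCTET STRING and one holding "hi". */
    const unsigned char empty[] = { 0x04, 0x00 }, hi[] = { 0x04, 0x02, 'h', 'i' };
    struct toy_ber b1 = { empty, empty + sizeof empty }, b2 = { hi, hi + sizeof hi };
    char *s;
    printf("empty: rc=%d\n", toy_get_stringa(&b1, &s));
    printf("hi:    rc=%d\n", toy_get_stringa(&b2, &s));
    free(s);
    return 0;
}
```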