[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Invalid memory access in ber_get_stringa (ITS#1273)
Full_Name: Hannes Reinecke
Version: 2.0.11
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.141.156.248)
It is possible to get an invalid memory access in ber_get_stringa():
If the datalen as returned from ber_skip_tag equals 0, the buffer buf* is
not initialised properly, and ber_read tries to access an invalid buffer as per
memmove. This is probably not actually harmful, since it then tries to move 0
bytes,
but one should watch out for this.
Simple patch would be to insert
if (datalen == 0) {
*buf = NULL;
return = LBER_DEFAULT;
}
after line 290 in libraries/liblber/decode.c
Thanks in advance