[Date Prev][Date Next] [Chronological] [Thread] [Top]

Invalid memory access in ber_get_stringa (ITS#1273)

Full_Name: Hannes Reinecke
Version: 2.0.11
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

It is possible to get an invalid memory access in ber_get_stringa():
If the datalen as returned from ber_skip_tag equals 0, the buffer buf* is
not initialised properly, and ber_read tries to access an invalid buffer as per
memmove. This is probably not actually harmful, since it then tries to move 0
but one should watch out for this.

Simple patch would be to insert

if (datalen == 0) {
	*buf = NULL;
	return = LBER_DEFAULT;

after line 290 in libraries/liblber/decode.c

Thanks in advance