[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_controls_dup() writes beyond allocated memory (ITS#1898)

To: openldap-its@OpenLDAP.org
Subject: ldap_controls_dup() writes beyond allocated memory (ITS#1898)
From: dsteck@novell.com
Date: Fri, 21 Jun 2002 17:07:39 GMT

Full_Name: David Steck
Version: OPENLDAP_REL_ENG_2_1_2
OS: Windows
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (137.65.133.66)


ldap_controls_dup() allocates an array of LDAPControl pointers.
It doesn't allocate one for the NULL pointer at the end, but writes to it.

Simple patch in libraries\libldap\controls.c:

294c294
<       new = (LDAPControl **) LDAP_MALLOC( i * sizeof(LDAPControl *) );
---
>       new = (LDAPControl **) LDAP_MALLOC( (i+1) * sizeof(LDAPControl *) );

Prev by Date: Re: send_search_entry aborts b/c ber_flush fails with errno=0 (ITS#1891)
Next by Date: Some options such as TLS_CACERT are missing from ldap.conf man page (ITS#1896)
Index(es):
- Chronological
- Thread