[Date Prev][Date Next]
(ITS#4740) SASL bind assert
Full_Name: Howard Chu
Version: all < 2.3.29
Submission from: (NULL) (18.104.22.168)
Submitted by: hyc
Apparently this bug was discovered by Evgeny Legerov but was not previously
reported to anyone on the Project. The bug is now fixed in HEAD and RE23.
Performing a SASL Bind with an authcid longer than 255 characters, with a space
as the 255th character, will cause the length of the normalized name to be
computed incorrectly, failing to take into account the escaping of the space
character. (The SASL Bind code truncates all incoming names longer than 255 to
exactly 255 characters.) This triggers an assert in libldap because the
resulting string length doesn't match what we expected it to be.
The fix is in libldap/getdn.c rev 1.134.
The MITRE CVE record for this bug is