Re: (ITS#5558) Buffer Overflow in back_sock and back_shell
> Full_Name: Stef Walter
> Version: openldap 2.4.10
> OS: FreeBSD 6.3-RELEASE-p2
> URL: http://memberwebs.com/stef/scraps/openldap24-buffer-overflow.patch
> Submission from: (NULL) (184.108.40.206)
> The back_sock and back_shell backends have a buffer overflow (off by one)
> problem in their result parsing code in read_and_send_results() lines 82-89 in
> result.c. The buffer is reallocated when an additional string would be too long
> for the buffer, but the string's null terminator is not taken into account.
> This can cause a crash in certain situations. These situations are obviously
> data and OS dependent. But with specific data, the crash is reproducible.
> Patch which fixes the problem:
Thanks, now fixed in CVS HEAD.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
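
The off-by-one described in the report, shown as an added illustration; this is not the OpenLDAP source or the submitted patch. The `struct acc` accumulator, the function names and the 8-byte boundary case are all hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string accumulator (not OpenLDAP's data structure). */
struct acc { char *buf; size_t cap, len; };

/* Check as described in the report: counts the new text but not its NUL. */
int needs_grow_buggy(size_t cap, size_t len, size_t add) { return len + add > cap; }

/* Corrected check: the copy writes add + 1 bytes, so reserve the terminator. */
int needs_grow_fixed(size_t cap, size_t len, size_t add) { return len + add + 1 > cap; }

/* Append s using the corrected check. Returns 0 on success, -1 on failure. */
int acc_append(struct acc *a, const char *s)
{
    size_t add = strlen(s);
    if (needs_grow_fixed(a->cap, a->len, add)) {
        size_t ncap = a->cap ? a->cap : 16;
        while (ncap < a->len + add + 1)
            ncap *= 2;
        char *p = realloc(a->buf, ncap);
        if (!p)
            return -1;
        a->buf = p;
        a->cap = ncap;
    }
    memcpy(a->buf + a->len, s, add + 1);   /* text plus terminating NUL */
    a->len += add;
    return 0;
}

/* Constructed boundary case: 8-byte buffer, two 4-character appends.
 * Returns the final capacity, or 0 if anything went wrong. */
size_t demo_boundary(void)
{
    struct acc a = { malloc(8), 8, 0 };
    if (!a.buf)
        return 0;
    if (acc_append(&a, "abcd") || acc_append(&a, "efgh")) { free(a.buf); return 0; }
    size_t ok = (strcmp(a.buf, "abcdefgh") == 0 && a.cap >= a.len + 1) ? a.cap : 0;
    free(a.buf);
    return ok;
}

int main(void)
{
    printf("cap=8 len=4 add=4: buggy grows? %d, fixed grows? %d, final cap %zu\n",
           needs_grow_buggy(8, 4, 4), needs_grow_fixed(8, 4, 4), demo_boundary());
    return 0;
}
```

With the buggy check, the second append would write its terminator at offset 8 of an 8-byte allocation; whether that one stray byte crashes depends on allocator padding and neighbouring data, which matches the report's note that the failure is data and OS dependent.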