
Re: (ITS#8301) signed/unsigned confusion in ber_get_next()



ryan@nardis.ca wrote:
> On Thu, Nov 05, 2015 at 12:12:26AM +0000, ondra@mistotebe.net wrote:
>> Hi, the following will assert in liblber on i386 (and it should be possible to
>> craft a similar one for 64bit, I think):
>>
>> echo 'CoSSoJKSCg==' | base64 -d | ~/code/openldap/libraries/liblber/etest .
>
> ITYM dtest?
>
> slapd's sane default setting for sb_max_incoming appears to mitigate
> most of the potential security impact of this one.

Agreed.

But I guess we need to reject any len values that exceed the range of a signed 
ber_len_t, since many liblber functions can only return a ber_slen_t result.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
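
The range check described in the reply above, as an added C example; it is not OpenLDAP's code or the fix committed for ITS#8301. The `ex_` names and status codes are hypothetical, and the length types are fixed at 32 bits to model the i386 case from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the thread's ber_len_t / ber_slen_t, fixed at 32 bits to
 * model i386. These typedefs are assumptions, not liblber's definitions. */
typedef uint32_t ex_len_t;
typedef int32_t  ex_slen_t;
#define EX_SLEN_MAX INT32_MAX

enum { EX_OK = 0, EX_SHORT = -1, EX_BAD = -2, EX_TOO_BIG = -3 };

/* Decode a definite-form BER length starting at p[0] (the byte after the tag).
 * On EX_OK, *out holds the length and *used the number of bytes consumed. */
int ex_get_len(const unsigned char *p, size_t n, ex_len_t *out, size_t *used)
{
    if (n < 1) return EX_SHORT;
    if (!(p[0] & 0x80)) {              /* short form: 0..127 */
        *out = p[0]; *used = 1;
        return EX_OK;
    }
    size_t cnt = p[0] & 0x7f;          /* long form: count of length octets */
    if (cnt == 0 || cnt > sizeof(ex_len_t))
        return EX_BAD;                 /* indefinite form, or wider than the type */
    if (n < 1 + cnt) return EX_SHORT;
    ex_len_t len = 0;
    for (size_t i = 0; i < cnt; i++)
        len = (len << 8) | p[1 + i];
    /* The check discussed in the thread: anything above the signed maximum
     * would go negative once a function returns it as the signed type. */
    if (len > (ex_len_t)EX_SLEN_MAX) return EX_TOO_BIG;
    *out = len; *used = 1 + cnt;
    return EX_OK;
}

int main(void)
{
    /* Decoded bytes of the base64 input quoted in the thread:
     * tag 0x0a, 0x84 = four length octets, then one trailing byte. */
    const unsigned char msg[] = { 0x0a, 0x84, 0x92, 0xa0, 0x92, 0x92, 0x0a };
    /* Constructed sample: same shape, largest length that is accepted. */
    const unsigned char ok[]  = { 0x0a, 0x84, 0x7f, 0xff, 0xff, 0xff };
    ex_len_t len = 0; size_t used = 0;
    printf("thread input: %d\n", ex_get_len(msg + 1, sizeof msg - 1, &len, &used));
    printf("max signed:   %d\n", ex_get_len(ok + 1, sizeof ok - 1, &len, &used));
    return 0;
}
```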