[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8066) mdb_load truncates long values when resizing buffer

To: openldap-its@OpenLDAP.org
Subject: (ITS#8066) mdb_load truncates long values when resizing buffer
From: catwell@archlinux.us
Date: Wed, 25 Feb 2015 23:29:22 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Pierre Chapuis
Version: master
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.238.40.212)


Description:

    Starting from 2048, the first input line larger than any power of two N
    is truncated to N-1. This results in truncated values in the database.

Explanation:

    In the code that resizes the input buffer, fgets() is used.
    fgets(*, n, *) reads a maximum of n-1 characters and 0-terminates
    the string. When the next chunk is read, the '\0' remains in the
    string. Later, strlen() is used and the string is truncated.

Proposed fix:

    A patch against the current OpenLDAP master llllows.

---

 libraries/liblmdb/mdb_load.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/liblmdb/mdb_load.c b/libraries/liblmdb/mdb_load.c
index f626692..e86b6fd 100644
--- a/libraries/liblmdb/mdb_load.c
+++ b/libraries/liblmdb/mdb_load.c
@@ -218,7 +218,7 @@ badend:
                }
                c1 = buf->mv_data;
                c1 += buf->mv_size;
-               if (fgets((char *)c1, buf->mv_size, stdin) == NULL) {D%D
+               if (fgets((char *)c1-1, buf->mv_size+1, stdin) == NULL) {
                        Eof = 1;
                        badend();
                        return EOF;

---

Prev by Date: Re: (ITS#8064) SIGSEGV in monitor-shutdown code
Next by Date: Re: (ITS#8066) mdb_load truncates long values when resizing buffer
Index(es):
- Chronological
- Thread