
(ITS#8066) mdb_load truncates long values when resizing buffer

Full_Name: Pierre Chapuis
Version: master
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


    Starting from 2048, the first input line larger than any power of two N
    is truncated to N-1. This results in truncated values in the database.


    In the code that resizes the input buffer, fgets() is used.
    fgets(*, n, *) reads a maximum of n-1 characters and 0-terminates
    the string. When the next chunk is read, the '\0' remains in the
    string. Later, strlen() is used and the string is truncated.

Proposed fix:

    A patch against the current OpenLDAP master follows.


 libraries/liblmdb/mdb_load.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/liblmdb/mdb_load.c b/libraries/liblmdb/mdb_load.c
index f626692..e86b6fd 100644
--- a/libraries/liblmdb/mdb_load.c
+++ b/libraries/liblmdb/mdb_load.c
@@ -218,7 +218,7 @@ badend:
                c1 = buf->mv_data;
                c1 += buf->mv_size;
-               if (fgets((char *)c1, buf->mv_size, stdin) == NULL) {D%D
+               if (fgets((char *)c1-1, buf->mv_size+1, stdin) == NULL) {
                        Eof = 1;
                        return EOF;
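
Review bot: the changed fgets() call, `fgets((char *)c1-1, buf->mv_size+1, stdin)`, needs a comment, because nothing in the hunk says why the destination moves back one byte and the count grows by one. A line above it stating that c1-1 is the '\0' left by the previous fgets() and has to be overwritten so that the later strlen() sees the whole value would do. The write still ends at c1 + buf->mv_size, the same last byte as the old call, so the bound on the buffer is unchanged. The visible lines do not show how the buffer was filled before this point, so it is worth confirming that the byte at c1-1 is always that terminator when this branch is reached.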
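
The truncation described in the report, reproduced as an added example that is not part of the original message or of mdb_load.c. The names read_line, stored_len and overwrite_nul are hypothetical, and the input line is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical line reader (not the code in mdb_load.c): reads one line with
 * fgets() into a buffer that doubles whenever a chunk ends without '\n'.
 * overwrite_nul = 0 appends the next chunk after the previous terminator,
 * overwrite_nul = 1 starts the next chunk on top of it. */
static char *read_line(FILE *f, size_t size, int overwrite_nul)
{
    char *buf = malloc(size), *chunk = buf;
    if (buf == NULL || fgets(buf, (int)size, f) == NULL) { free(buf); return NULL; }
    size_t len = strlen(chunk);
    while (len > 0 && chunk[len - 1] != '\n') {   /* chunk filled, line not done */
        char *grown = realloc(buf, size * 2);
        if (grown == NULL) { free(buf); return NULL; }
        buf = grown;
        /* buf[size - 1] holds the '\0' written by the previous fgets(). */
        chunk = overwrite_nul ? buf + size - 1 : buf + size;
        if (fgets(chunk, (int)(overwrite_nul ? size + 1 : size), f) == NULL)
            break;                                /* EOF: keep what was read */
        size *= 2;
        len = strlen(chunk);
    }
    return buf;
}

/* Feeds one constructed line of n 'A' characters plus '\n' through read_line()
 * and returns the length strlen() reports for the stored value. */
static size_t stored_len(size_t n, size_t start, int overwrite_nul)
{
    FILE *f = tmpfile();
    if (f == NULL) return 0;
    for (size_t i = 0; i < n; i++) fputc('A', f);
    fputc('\n', f);
    rewind(f);
    char *line = read_line(f, start, overwrite_nul);
    size_t len = line ? strlen(line) : 0;
    free(line);
    fclose(f);
    return len;
}

int main(void)
{
    printf("chunk after the NUL:  %zu\n", stored_len(3000, 2048, 0));
    printf("chunk on top of NUL:  %zu\n", stored_len(3000, 2048, 1));
    return 0;
}
```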