Re: (ITS#8066) mdb_load truncates long values when resizing buffer
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8066) mdb_load truncates long values when resizing buffer
- From: hyc@symas.com
- Date: Thu, 26 Feb 2015 21:37:53 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
catwell@archlinux.us wrote:
> Full_Name: Pierre Chapuis
> Version: master
> OS: GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.238.40.212)
>
>
> Description:
>
> Starting from 2048, the first input line larger than any power of two N
> is truncated to N-1. This results in truncated values in the database.
Thanks for the report. Fixed now in mdb.master
>
> Explanation:
>
> In the code that resizes the input buffer, fgets() is used.
> fgets(*, n, *) reads a maximum of n-1 characters and 0-terminates
> the string. When the next chunk is read, the '\0' remains in the
> string. Later, strlen() is used and the string is truncated.
>
> Proposed fix:
>
> A patch against the current OpenLDAP master follows.
>
> ---
>
> libraries/liblmdb/mdb_load.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libraries/liblmdb/mdb_load.c b/libraries/liblmdb/mdb_load.c
> index f626692..e86b6fd 100644
> --- a/libraries/liblmdb/mdb_load.c
> +++ b/libraries/liblmdb/mdb_load.c
> @@ -218,7 +218,7 @@ badend:
> }
> c1 = buf->mv_data;
> c1 += buf->mv_size;
> - if (fgets((char *)c1, buf->mv_size, stdin) == NULL) {D%D
> + if (fgets((char *)c1-1, buf->mv_size+1, stdin) == NULL) {
> Eof = 1;
> badend();
> return EOF;
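Review bot: the added `fgets((char *)c1-1, buf->mv_size+1, stdin)` line relies on two things the hunk does not state, so it should carry a comment. First, the byte at `c1-1` must be the terminator left by the previous fgets(), which is why the read has to start there. Second, the buffer grown before this point must have room for `buf->mv_size+1` bytes starting at `c1-1`; the allocation is outside the visible lines, so please confirm that. Writing the pointer as `(char *)c1 - 1` would also make it easier to see that the cast is applied before the subtraction.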
>
> ---
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
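
The truncation explained in the report, next to the effect of reading on top of the previous terminator, as an added example that is not part of the original message and is not the mdb_load.c source. `read_line`, `demo` and the `overwrite_nul` switch are hypothetical names, the input line is constructed, and the 2048-byte starting size is taken from the report's "Starting from 2048".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line into a buffer that starts at `size` bytes and doubles while
 * the line does not fit. overwrite_nul = 0 puts the next chunk after the old
 * buffer, so the previous '\0' stays embedded; overwrite_nul = 1 starts the
 * next chunk on top of that '\0'. Returns strlen() of the final buffer,
 * which is what a later consumer of the value sees (0 on error). */
static size_t read_line(FILE *in, size_t size, int overwrite_nul)
{
    char *buf = malloc(size), *chunk, *tmp;
    size_t len, back = overwrite_nul ? 1 : 0;

    if (!buf || !fgets(buf, (int)size, in)) { free(buf); return 0; }
    chunk = buf;
    /* Grow while the chunk just read does not end in a newline. */
    while ((len = strlen(chunk)) == 0 || chunk[len - 1] != '\n') {
        tmp = realloc(buf, size * 2);
        if (!tmp) { free(buf); return 0; }
        buf = tmp;
        chunk = buf + size - back;          /* old end, or old terminator */
        if (!fgets(chunk, (int)(size + back), in)) break;  /* EOF */
        size *= 2;
    }
    len = strlen(buf);                      /* stops at the first '\0' */
    free(buf);
    return len;
}

/* Constructed input: `payload` bytes of 'A' followed by a newline. */
static size_t demo(size_t payload, size_t initial, int overwrite_nul)
{
    FILE *f = tmpfile();
    size_t i, got;

    if (!f) return 0;
    for (i = 0; i < payload; i++) fputc('A', f);
    fputc('\n', f);
    rewind(f);
    got = read_line(f, initial, overwrite_nul);
    fclose(f);
    return got;
}

int main(void)
{
    printf("embedded NUL kept: %zu bytes, overwritten: %zu bytes\n",
           demo(5000, 2048, 0), demo(5000, 2048, 1));
    return 0;
}
```

In both modes every byte of the line is read into the buffer; only the embedded terminator makes the first mode report 2047 bytes, which matches the N-1 truncation in the report.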