Bug in ldapdb_plugin - No check if memory is exhausted in ldapdb_canon_client

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi List,

 

I used the ldapdb_plugin as a template for my sql_plugin-enhancements.

While reading through the code there is one problem coming to my mind:

In ldapdb_canon_client there is NO check whether ulen is greater than out_umax – maybe it is only a minor issue because the string user is only truncated, but I didn’t have a look if there could be any situation where the size of the string user could be greater than out_umax.

 

Patch would be:

>if (ulen>out_umax) return SASL_NOMEM;

Just in front of the memcpy.

 

Lars


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux