Howard Chu wrote:
> Lars Duesing wrote:
>> Hi List,
>> I used the ldapdb_plugin as a template for my sql_plugin enhancements.
>> While reading through the code there is one problem coming to my mind:
>> In ldapdb_canon_client there is NO check whether ulen is greater than
>> out_umax – maybe it is only a minor issue because the string user is only
>> truncated, but I didn't have a look if there could be any situation where
>> the size of the string user could be greater than out_umax.
> Yeah, didn't seem to be a likely case. Still probably ought to be fixed.
>> Patch would be:
>> if (ulen>out_umax) return SASL_NOMEM;
> Should use SASL_BUFOVER actually.
Agreed.
> Committed.
Just in front of the memcpy.

Lars
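As an added illustration of the length check the thread settles on (reject the copy with SASL_BUFOVER when ulen exceeds out_umax, placed just before the memcpy), here is a stand-alone C stand-in for that copy step. It is not the Cyrus SASL ldapdb plugin's own code: the function name canon_copy_user and the check helpers are hypothetical, and the SASL_OK/SASL_BUFOVER macros are defined locally so the file builds without sasl.h.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the sasl.h return codes used below; numeric values are
 * chosen to follow sasl.h, but only the names matter for this example. */
#define SASL_OK       0   /* successful result */
#define SASL_BUFOVER -3   /* overflowed buffer */

/* Hypothetical stand-in for the copy step in a canon_user callback (not the
 * plugin's code): copy `ulen` bytes of `user` into the caller's buffer `out`
 * of capacity `out_umax` and report the copied length in `*out_ulen`.
 * Without the length check, an oversized `user` would make memcpy write past
 * the end of `out`; with it, the caller gets SASL_BUFOVER and nothing is
 * written. The condition is the thread's `ulen > out_umax`; if a callback
 * also appends a terminating NUL it needs one extra byte and must use `>=`. */
int canon_copy_user(const char *user, unsigned ulen,
                    char *out, unsigned out_umax, unsigned *out_ulen)
{
    if (user == NULL || out == NULL || out_ulen == NULL)
        return SASL_BUFOVER;          /* nothing sensible to copy into */

    if (ulen > out_umax)              /* the check added just before memcpy */
        return SASL_BUFOVER;

    memcpy(out, user, ulen);
    *out_ulen = ulen;
    return SASL_OK;
}

/* Self-checks on constructed inputs; each returns 1 on the expected outcome. */
int check_fits_exactly(void)
{
    /* ulen == out_umax is still accepted by a strict '>' check. */
    char out[8];
    unsigned n = 0;
    int rc = canon_copy_user("username", 8, out, (unsigned)sizeof out, &n);
    return rc == SASL_OK && n == 8 && memcmp(out, "username", 8) == 0;
}

int check_rejects_overflow(void)
{
    /* Nine bytes into an eight-byte buffer: rejected, out_ulen untouched. */
    char out[8];
    unsigned n = 0;
    int rc = canon_copy_user("username1", 9, out, (unsigned)sizeof out, &n);
    return rc == SASL_BUFOVER && n == 0;
}

int main(void)
{
    printf("fits exactly:     %s\n", check_fits_exactly() ? "ok" : "FAIL");
    printf("rejects overflow: %s\n", check_rejects_overflow() ? "ok" : "FAIL");
    return 0;
}
```

The check is deliberately the last thing before memcpy, so every path that reaches the copy has already proved the destination is large enough; the constructed nine-byte case shows the caller receives SASL_BUFOVER instead of a silently corrupted stack buffer.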