Re: Bug in ldapdb_plugin - No check if memory is exhausted in ldapdb_canon_client

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Howard Chu wrote:

Lars Duesing wrote:

Hi List,

I used the ldapdb_plugin as a template for my sql_plugin-enhancements.

While reading through the code there is one problem coming to my mind:

In ldapdb_canon_client there is NO check whether ulen is greater than out_umax – maybe it is only a minor issue because the string user is only truncated, but I didn’t have a look if there could be any situation where the size of the
string user could be greater than out_umax.

Yeah, didn't seem to be a likely case. Still probably ought to be fixed.

Patch would be:

if (ulen>out_umax) return SASL_NOMEM;

Should use SASL_BUFOVER actually.


Just in front of the memcpy.


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux