[Issue 10357] New: Potential buffer underflow in function config_find_base

12 Jun 2025


      https://bugs.openldap.org/show_bug.cgi?id=10357
Issue ID: 10357
           Summary: Potential buffer underflow in function
                    config_find_base
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: alexguo1023@gmail.com
  Target Milestone: ---
In function `config_find_base`, we have the code:
```c
char *c = dn->bv_val+dn->bv_len;
for (;*c != ',';c--);
```
In the loop, if the string doesn't contain any commas, `c` will decrement below
`dn->bv_val`, causing buffer underflow when `*c` is accessed.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 10357] New: Potential buffer underflow in function config_find_base