https://bugs.openldap.org/show_bug.cgi?id=9578
Issue ID: 9578
Summary: Buffer overflow at libraries/libldap/ldif.c:907 (ldif_read_record)
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: grapvar@gmail.com
Target Milestone: ---
Created attachment 827
  --> https://bugs.openldap.org/attachment.cgi?id=827&action=edit
fix
libraries/libldap/ldif.c:829

    /* Squash \r\n to \n */
    if ( len > 1 && line[len-2] == '\r' ) {
        len--;
        line[len-1] = '\n';
    }

may cause buffer overflow at

libraries/libldap/ldif.c:907

    strcpy( *bufp + lcur, line );
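Added example, not part of the bug report or the OpenLDAP source: a minimal C model of the length mismatch between the two quoted lines. It assumes len held strlen(line) before the squash; the function names and sample lines are hypothetical, and the terminated variant follows only the wording of the fix commit subject ("terminate buf after truncating \r"), not the actual patch.

```c
#include <stdio.h>
#include <string.h>

/* Squash as quoted from ldif.c:829. len shrinks by one, but the old '\n'
 * at line[len] and the NUL behind it stay put, so strlen(line) does not. */
static size_t squash_unterminated(char *line, size_t len)
{
    if (len > 1 && line[len - 2] == '\r') {
        len--;
        line[len - 1] = '\n';
    }
    return len;
}

/* Hypothetical hardened form: re-terminate the string at the new length. */
static size_t squash_terminated(char *line, size_t len)
{
    if (len > 1 && line[len - 2] == '\r') {
        len--;
        line[len - 1] = '\n';
        line[len] = '\0';
    }
    return len;
}

/* Bytes strcpy() would write beyond the len + 1 a caller sized from len. */
static size_t strcpy_excess(const char *line, size_t len)
{
    return (strlen(line) + 1) - (len + 1);
}

/* Apply one squash variant to a copy of input and report the excess.
 * Assumption: len starts as strlen(line), as after a line read. */
static size_t excess_for(size_t (*squash)(char *, size_t), const char *input)
{
    char line[64];
    snprintf(line, sizeof line, "%s", input);
    size_t len = squash(line, strlen(line));
    return strcpy_excess(line, len);
}

int main(void)
{
    const char *crlf = "cn: test\r\n";   /* constructed sample line */
    printf("unterminated: %zu byte(s) past budget\n",
           excess_for(squash_unterminated, crlf));
    printf("terminated:   %zu byte(s) past budget\n",
           excess_for(squash_terminated, crlf));
    return 0;
}
```

Only CRLF-terminated lines trigger the mismatch; an LF-only line leaves len and strlen(line) equal in both variants.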
Howard Chu hyc@openldap.org changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Resolution |---          |TEST
Status     |UNCONFIRMED  |RESOLVED

--- Comment #1 from Howard Chu hyc@openldap.org ---
Thanks, fixed in git master
Quanah Gibson-Mount quanah@openldap.org changed:
What             |Removed  |Added
----------------------------------------------------------------------------
Target Milestone |---      |2.5.6
Resolution       |TEST     |FIXED

--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org ---
Commits:

• a29b6cd5 by Konstantin Andreev at 2021-06-14T17:02:54+00:00
  ITS#9578 ldif: terminate buf after truncating \r
Quanah Gibson-Mount quanah@openldap.org changed:
What   |Removed   |Added
----------------------------------------------------------------------------
Status |RESOLVED  |VERIFIED