Full_Name: Roger Smith
Version: 2.4.16
OS: Any
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.46.48.194)

The function ldap_bv2dn_x is supposed to handle a buffer that is not NULL terminated, as are the functions ldap_bv2rdn_x, str2strval, and ber_strndup_x (through macro LDAP_STRNDUPX), which are in its codepath. However, in ber_strndup_x (liblber/memory.c) a call is made to strlen, which expects a NULL terminated string. At a minimum, this will waste CPU cycles, as strlen can continue far past the end of the buffer until it finds a NULL. In the worst case, this sometimes causes a page fault when strlen continues off into protected memory.
This code should be changed to use strnlen, or a locally defined equivalent. e.g. 669,673c669 < len = strlen( s ); < < if ( len > l ) { < len = l; < } ---
len = strnlen( s, l );
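
Review bot: the replacement line `len = strnlen( s, l );` relies on strnlen, which is a POSIX.1-2008 function and not part of ISO C, so with OS given as "Any" this needs a configure check plus a local fallback (for instance a memchr-based scan bounded by `l`) before it can replace the strlen call. The removed clamp `if ( len > l )` is covered by the bounded call, so nothing else in the hunk needs to stay. A short comment at this spot saying that `s` is not required to be NUL-terminated would keep the unbounded call from being reintroduced.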
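
The "locally defined equivalent" mentioned in the report can be built on memchr, which never looks past the given length. The following is an added example, not code from the report or from OpenLDAP; `bounded_len`, `bounded_strndup` and the `arena` sample are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local strnlen equivalent: examines at most max bytes of s. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Hypothetical stand-in for a strndup-style helper: copies at most l
 * bytes of s and NUL-terminates the copy, without assuming that s
 * itself is NUL-terminated. */
static char *bounded_strndup(const char *s, size_t l)
{
    size_t len;
    char *p;

    if (s == NULL)
        return NULL;
    len = bounded_len(s, l);
    p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len);
    p[len] = '\0';
    return p;
}

/* Constructed input: the 4-byte value "cn=a" sits inside a larger
 * buffer, so the first NUL is 15 bytes in, well past the value. The
 * distant NUL keeps the strlen call below well defined for the demo. */
static const char arena[16] = "cn=aXXXXXXXXXXX";

int main(void)
{
    size_t l = 4;   /* length the caller actually owns */
    char *copy = bounded_strndup(arena, l);

    if (copy == NULL)
        return 1;
    printf("strlen scanned %zu bytes for a %zu-byte value\n",
           strlen(arena), l);
    printf("bounded scan stopped at %zu bytes\n", bounded_len(arena, l));
    printf("copy = \"%s\"\n", copy);
    free(copy);
    return 0;
}
```
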