Full_Name: Ralf Haferkamp
Version: HEAD, RE24
OS: linux (gcc 4.5)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.207.32)
Submitted by: ralf
gcc 4.5 will do some stricter checks for buffer overflows when compiling with -D_FORTIFY_SOURCE=2. Current HEAD aborts in test004-modify with:
*** buffer overflow detected ***: /usr/src/packages/BUILD/openldap-2.4.21/servers/slapd/.libs/slapd terminated
======= Backtrace: =========
#0 0x00007f207dc6b9c5 in raise () from /lib64/libc.so.6
#1 0x00007f207dc6ced6 in abort () from /lib64/libc.so.6
#2 0x00007f207dca6ba9 in __libc_message () from /lib64/libc.so.6
#3 0x00007f207dd20537 in __fortify_fail () from /lib64/libc.so.6
#4 0x00007f207dd1e2e0 in __chk_fail () from /lib64/libc.so.6
#5 0x00007f207fa89769 in strcpy () at dn2id.c:679
There is no real buffer overflow here AFAICS, but the real problem is that the destination of the strcpy() is defined as char[1] in this case (it's the nrdn member of a struct diskNode). The additional runtime check when compiling with -D_FORTIFY_SOURCE=2 sees that the destination data will not fit in there and aborts. The easiest fix here (apart from not building with -D_FORTIFY_SOURCE=2) is to use memcpy instead of strcpy here. I'll submit that later today.
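The pattern behind the abort, as an added example that is not code from the report or from OpenLDAP: a struct whose last member is a one-element char array that is deliberately allocated with extra trailing space, so the declared size of the member (1) and the real size of the buffer behind it differ. `struct disknode`, `disknode_new`, `disknode_len` and `disknode_roundtrip` are simplified stand-ins chosen for this example (the real diskNode carries more fields); the length-prefix layout is an assumption. glibc's fortified strcpy() checks the destination against __builtin_object_size(dest, 1), i.e. the enclosing subobject, which a compiler that takes the char[1] declaration literally reports as 1 byte, whereas the fortified memcpy() checks against the whole allocation (mode 0), which is unknown for a heap block of runtime-computed size, so the check is not triggered. That is why replacing strcpy() with a memcpy() of the known length, as the report proposes, satisfies the check without changing the bytes written.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for slapd's struct diskNode (constructed for this example):
 * a 2-byte length prefix followed by a string whose declared size is 1 but whose
 * real storage extends past the end of the struct. */
struct disknode {
    unsigned char nrdnlen[2];   /* length of nrdn, big-endian */
    char nrdn[1];               /* "poor man's flexible array member" */
};

/* Allocate a node with room for `nrdn` plus its terminator and copy it in.
 * sizeof(*d) already includes nrdn[0], so sizeof(*d) + len leaves exactly
 * len + 1 bytes for the string. */
static struct disknode *disknode_new(const char *nrdn)
{
    size_t len = strlen(nrdn);
    if (len > 0xffff)               /* would not fit the 2-byte length prefix */
        return NULL;

    struct disknode *d = malloc(sizeof(*d) + len);
    if (d == NULL)
        return NULL;

    d->nrdnlen[0] = (unsigned char)(len >> 8);
    d->nrdnlen[1] = (unsigned char)(len & 0xff);

    /* The original form was strcpy(d->nrdn, nrdn). Under -D_FORTIFY_SOURCE=2 that
     * becomes __strcpy_chk(d->nrdn, nrdn, __builtin_object_size(d->nrdn, 1)); a
     * compiler that sizes nrdn as 1 byte makes the check abort for any non-empty
     * string even though the heap block is large enough. memcpy with the known
     * length writes the same bytes and is checked against the whole allocation. */
    memcpy(d->nrdn, nrdn, len + 1);
    return d;
}

/* Decode the stored length prefix. */
static size_t disknode_len(const struct disknode *d)
{
    return ((size_t)d->nrdnlen[0] << 8) | d->nrdnlen[1];
}

/* Store `s` and verify it reads back intact; returns 1 on success, 0 otherwise. */
static int disknode_roundtrip(const char *s)
{
    struct disknode *d = disknode_new(s);
    if (d == NULL)
        return 0;
    int ok = disknode_len(d) == strlen(s) && strcmp(d->nrdn, s) == 0;
    free(d);
    return ok;
}

int main(void)
{
    struct disknode *d = disknode_new("cn=example");
    if (d == NULL)
        return 1;
    printf("nrdn=\"%s\" len=%zu\n", d->nrdn, disknode_len(d));
#ifdef __GNUC__
    /* The value the fortified strcpy() would compare against: 1 on compilers that
     * take char[1] literally (the gcc 4.5 case in the report), or (size_t)-1
     * ("unknown") on compilers that treat a trailing one-element array as flexible. */
    printf("subobject size seen by __strcpy_chk: %zu\n",
           (size_t)__builtin_object_size(d->nrdn, 1));
#endif
    free(d);
    return 0;
}
```

Build it once with `-O2 -D_FORTIFY_SOURCE=2` to see that the memcpy form passes; swapping the memcpy for the commented strcpy reproduces the `*** buffer overflow detected ***` abort on toolchains that size the member as 1 byte. The same allocation arithmetic (sizeof already counting the one declared element) is what keeps the memcpy in bounds, so keep the length that is copied tied to the length that was allocated.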