Full_Name: Aron Ujvari Version: 2.4.33 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.163.11.62)

OpenLDAP 2.4.33 (and before) does not handle properly when in function ldap_pvt_gethostbyname_a the 6-args version of gethostname_r returns ERANGE(34) error code because of too small buffer size.

Although there is a loop in the function to increment the buffer size, but there is no check for ERANGE(34) result in the "r" variable, so no use of the loop.

Relevant code is in libraries/libldap/util-int.c, lines 336-368.

The gethostbyname man page clearly states at GNU Extensions section that gethostbyname_r can return non-zero value on failure, and return ERANGE if "buf" is too small, and the call should be retried with a larger buffer in this case.