IMO this doesn't qualify for a CVE and the reporter is just trying to pad his resume with fluff.
In practice reads are non-destructive and 1 byte beyond an allocated buffer isn't going to break
anything. Note that there is zero impact on slapd itself, because all of our uses explicitly pad
one extra byte on message allocations. So this is only a potential problem for 3rd party users
of liblber/ber_init2, a function that wasn't part of the old LDAP API RFC and is specific to
OpenLDAP's liblber. I.e., no standard-compliant apps are using it.
Any other opinions?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
