[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Unprotected buffer in openldap-19981116
There is an unprotected buffer in servers/slapd/configinfo.c
(config_info) which might overflow during the following loop:
for ( i = 0; i < nbackends; i++ ) {
strcpy( buf, backends[i].be_type );
for ( j = 0; backends[i].be_suffix[j] != NULL; j++ ) {
strcat( buf, " : " );
strcat( buf, backends[i].be_suffix[j] );
}
val.bv_val = buf;
val.bv_len = strlen( buf );
attr_merge( e, "database", vals );
}
If there backends with many and loooong suffixes...you know this
*will* happen. Beside this, due to the strcats the runtime is O(n^2).
Regards
J.Pietschmann