[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd -r buffer overflow (ITS#722)

To: openldap-its@OpenLDAP.org
Subject: Re: slurpd -r buffer overflow (ITS#722)
From: Kurt@OpenLDAP.org
Date: Wed, 13 Sep 2000 00:44:42 GMT

Fixed in HEAD and OPENLDAP_REL_ENG_2.  Please test.  Thanks.

At 11:08 AM 9/10/00 +0000, jhuuskon@messi.uku.fi wrote:
>Full_Name: Jarno Huuskonen
>Version: 2.0.1
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (193.167.224.11)
>
>
>slurpd doesn't check -r command line parameter length before using strcpy -->
>buffer overflow
>
>Here's a quick patch:
>--- args.c-orig Sun Sep 10 13:56:09 2000
>+++ args.c      Sun Sep 10 13:58:03 2000
>@@ -106,7 +106,8 @@
>            g->slapd_configfile = strdup( optarg );
>            break;
>        case 'r':       /* slapd replog file */
>-           strcpy( g->slapd_replogfile, optarg );
>+               strncpy( g->slapd_replogfile, optarg, MAXPATHLEN-1);
>+               g->slapd_replogfile[MAXPATHLEN-1] = '\0';
>            rflag++;
>            break;
>        case 't':       /* dir to use for our copies of replogs */

Prev by Date: Re: Memory leak on Solaris 8? (ITS#736)
Next by Date: Re: CPU load at 100% on Windows 2000 (ITS#697)
Index(es):
- Chronological
- Thread