
(ITS#4046) Memory overwrite error in db_dgram_read



Full_Name: Mike Patnode
Version: 2.2.26
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (63.199.144.29)



db_dgram_read doesn't subtract addrlen from the recvfrom buffer len, resulting
in a possible buffer overrun. Patch included:

*** sockbuf.c.orig      2005-09-27 11:20:19.129981709 -0700
--- sockbuf.c   2005-09-27 11:20:03.480189818 -0700
***************
*** 909,914 ****
--- 909,915 ----
        addrlen = sizeof( struct sockaddr );
        src = buf;
        buf += addrlen;
+     len -= addrlen;
        rc = recvfrom( sbiod->sbiod_sb->sb_fd, buf, len, 0, src, &addrlen );

        return rc > 0 ? rc+sizeof(struct sockaddr): rc;
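
Review bot: the added `len -= addrlen;` has no guard for a caller buffer smaller than `sizeof( struct sockaddr )`. In that case `buf += addrlen` already points past the end of the buffer, and the subtraction makes `len` negative or, if `len` is unsigned (its declaration is not visible in this hunk), wraps it to a very large value that is then passed to `recvfrom`. Suggest checking `len` against `addrlen` before the pointer is advanced and returning an error when it is too small. Two smaller points: the new line is indented differently from the surrounding lines, and the return expression adds `sizeof(struct sockaddr)` even though `addrlen` is passed by address to `recvfrom` and may come back changed, so a comment stating that the fixed-size prefix is intentional would help.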