Bug in ldapdb_plugin - No check if memory is exhausted in ldapdb_canon_client
Lars Duesing
lars.duesing at camelotsweb.de
Fri May 14 09:56:37 EDT 2010
Hi List,
I used the ldapdb_plugin as a template for my sql_plugin-enhancements.
While reading through the code there is one problem coming to my mind:
In ldapdb_canon_client there is NO check whether ulen is greater than
out_umax - maybe it is only a minor issue because the string user is only
truncated, but I didn't have a look if there could be any situation where
the size of the string user could be greater than out_umax.
Patch would be:
>if (ulen>out_umax) return SASL_NOMEM;
Just in front of the memcpy.
Lars
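The bounds check proposed above, as an added example that is not part of the original message or of the ldapdb plugin source. `canon_copy`, the `EX_*` codes and the test buffers are hypothetical stand-ins; only `ulen`, `out_umax` and the placement in front of the memcpy come from the post.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in status codes for this example (assumed names, not sasl.h). */
enum { EX_OK = 0, EX_NOMEM = -2, EX_BADPARAM = -7 };

/*
 * Hypothetical canonicalization copy: place `ulen` bytes of `user` into
 * the caller-owned buffer `out`, whose capacity is `out_umax` bytes.
 * No NUL is appended; the length is returned through `out_ulen`.
 */
static int canon_copy(const char *user, size_t ulen,
                      char *out, size_t out_umax, size_t *out_ulen)
{
    if (user == NULL || out == NULL || out_ulen == NULL)
        return EX_BADPARAM;

    /* The check from the post, directly in front of the memcpy:
     * refuse input that does not fit instead of writing past `out`. */
    if (ulen > out_umax)
        return EX_NOMEM;

    memcpy(out, user, ulen);
    *out_ulen = ulen;
    return EX_OK;
}

/* Constructed input: an 8-byte output area followed by 4 canary bytes.
 * Returns 1 if an oversized name is rejected and nothing was written. */
static int oversized_is_rejected(void)
{
    char area[12];
    size_t n = 99;
    memset(area, 'C', sizeof area);
    int rc = canon_copy("averylongusername", 17, area, 8, &n);
    return rc == EX_NOMEM && n == 99 && area[0] == 'C' &&
           memcmp(area + 8, "CCCC", 4) == 0;
}

/* Constructed input: a name that exactly fills the buffer is accepted. */
static int exact_fit_is_copied(void)
{
    char area[12];
    size_t n = 0;
    memset(area, 'C', sizeof area);
    int rc = canon_copy("username", 8, area, 8, &n);
    return rc == EX_OK && n == 8 &&
           memcmp(area, "usernameCCCC", 12) == 0;
}
```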