Closed Bug 175900 Opened 22 years ago Closed 22 years ago

read overrun in ldap resolve code

Categories

(Directory :: LDAP C SDK, defect, P2)

x86
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: blizzard, Assigned: mcs)

Details

(Whiteboard: [sg:branch])

Attachments

(1 file, 1 obsolete file)

nalin@redhat.com reported to me a read overrun in the ldap code. I'll attach the patch in a moment. He says that he thinks that it's not used anymore so it might not matter.
Attached patch: mozilla-1.0.1-dnsparse.patch (obsolete)
That code is not used. Still, I will review the patch soon. We do compile the file, but all the code in getdxbyname.c is inside an #ifdef LDAP_DNS / #endif block. The LDAP_DNS features are experimental and have never been compiled by the mozilla Makefiles.
Status: NEW → ASSIGNED
Whiteboard: tm511
Set priority.
Priority: -- → P2
Whiteboard: tm511 → tm511 [sg:branch]
Target Milestone: --- → 5.11
Whiteboard: tm511 [sg:branch] → [sg:branch]
blizzard, do you agree that this code is not used? If so, we can make this bug public.
It's not used, no. Removing security bit.
Group: security
Mass move of several bugs to TM 5.12.
Target Milestone: 5.11 → 5.12
Comment on attachment 103650: mozilla-1.0.1-dnsparse.patch
Patch looks OK, except the nsldapi_getdxbyname() already includes a call to memset().
Attachment #103650 - Flags: review+
Attached patch: final patch
same as original patch with redundant memset() call removed and one comment fix (typo)
Attachment #103650 - Attachment is obsolete: true
Fix committed to the trunk:
mozilla/directory/c-sdk/ldap/libraries/libldap/getdxbyname.c
new revision: 5.1; previous revision: 5.0
Fix 175900 - read overrun in ldap resolve code.
Note: this fixes code we do not compile right now.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Spam for bug 129472
QA Contact: nobody → nobody