diff options
author | Nathan Kinder <nkinder@redhat.com> | 2009-11-18 22:05:57 -0800 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-11-18 22:05:57 -0800 |
commit | c177c34eef54e4ef6dc96cd22418a47cbd03789e (patch) | |
tree | b9eac2d164c63cb946fe77d6e171356c1ea629cb /ldap/servers/slapd/util.c | |
parent | 5c71f20ebfa08b7f8d86eb57d5a73a8a44f5bb8e (diff) | |
download | ds-c177c34eef54e4ef6dc96cd22418a47cbd03789e.tar.gz ds-c177c34eef54e4ef6dc96cd22418a47cbd03789e.tar.xz ds-c177c34eef54e4ef6dc96cd22418a47cbd03789e.zip |
Add bounds checking in DN unescape function
My previous patch for bug 504817 could cause us to read past the
end of the RDN string if it ended with a single escape character.
This fix adds a bounds check to ensure that we don't read past
the end of the string.
Diffstat (limited to 'ldap/servers/slapd/util.c')
-rw-r--r-- | ldap/servers/slapd/util.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c index c8d9a744..71a2305b 100644 --- a/ldap/servers/slapd/util.c +++ b/ldap/servers/slapd/util.c @@ -236,8 +236,10 @@ strcpy_unescape_value( char *d, const char *s ) } } /* This is an escaped single character (like \"), so - * just copy the special character and not the escape. */ - if (gotesc) { + * just copy the special character and not the escape. + * We need to be careful to not go past the end of + * the string when the loop increments s. */ + if (gotesc && (s+1 < end)) { s++; *d++ = *s; gotesc = 0; |