From 858f45f80fa73367bc5cf18b3dd29e3129fbe70c Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Wed, 30 Jun 2010 11:23:33 -0600
Subject: Bug 609590  - fix coverity Defect Type: Memory - corruptions issues

https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: ACLPB_MAX_ATTR_LEN is the buffer size including the trailing
null, not the strlen.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
---
 ldap/servers/plugins/acl/acl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 574c862e..43b289e9 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1039,9 +1039,9 @@ acl_read_access_allowed_on_entry (
 			** sending
 			*/
 			len = strlen(attr_type);
-			if ( len > ACLPB_MAX_ATTR_LEN) {
+			if ( (len + 1) > ACLPB_MAX_ATTR_LEN) {
 				slapi_ch_free ( (void **) &aclpb->aclpb_Evalattr);
-				aclpb->aclpb_Evalattr = slapi_ch_malloc(len);
+				aclpb->aclpb_Evalattr = slapi_ch_malloc(len+1);
 			}
 			PL_strncpyz (aclpb->aclpb_Evalattr, attr_type, len);
 			if ( attr_index >= 0 ) {
-- 
cgit