Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add bounds checking in DN unescape function

My previous patch for bug 504817 could cause us to read past the
end of the RDN string if it ended with a single escape character.
This fix adds a bounds check to ensure that we don't read past
the end of the string.
Nathan Kinder 16 years ago
parent
5c71f20ebf
commit
c177c34eef
1 changed files with 4 additions and 2 deletions
Split View Show Diff Stats
  1. 4 2
      ldap/servers/slapd/util.c

+ 4 - 2
ldap/servers/slapd/util.c
View File 

@@ -236,8 +236,10 @@ strcpy_unescape_value( char *d, const char *s )
 
                 }
 
             }
 
             /* This is an escaped single character (like \"), so
 
-             * just copy the special character and not the escape. */
 
-            if (gotesc) {
 
+             * just copy the special character and not the escape.
 
+             * We need to be careful to not go past the end of
 
+             * the string when the loop increments s. */
 
+            if (gotesc && (s+1 < end)) {
 
                 s++;
 
                 *d++ = *s;
 
                 gotesc = 0;