From: Debian 389ds Team Date: Wed, 10 May 2017 06:25:03 +0000 (+0100) Subject: fix-48986-cve-2017-2591 X-Git-Tag: archive/raspbian/1.4.0.19-3+rpi1~1^2^2~1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=25509705c3611413c8a26e581033b4281cbbb182;p=389-ds-base.git fix-48986-cve-2017-2591 commit ffda694dd622b31277da07be76d3469fad86150f Author: William Brown Date: Wed Sep 28 10:46:21 2016 +1000 Ticket 48986 - 47808 triggers overflow in uiduniq.c Bug Description: Certain configurations of uiduniq.c would cause an overflow when running with Address Sanitiser Fix Description: Increase the size of the allocation to tmp_config->attrs. https://fedorahosted.org/389/ticket/48986 Author: nhosoi Reviewed by: wibrown Gbp-Pq: Name fix-48986-cve-2017-2591.diff --- diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c index f842654..7a55969 100644 --- a/ldap/servers/plugins/uiduniq/uid.c +++ b/ldap/servers/plugins/uiduniq/uid.c @@ -299,7 +299,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry) } /* Store attrName in the config */ - tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *)); + tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *)); tmp_config->attrs[0] = slapi_ch_strdup(attrName); argc--; argv++; /* First argument was attribute name and remaining are subtrees */ @@ -340,7 +340,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry) * - requiredObjectClass */ /* Store attrName in the config */ - tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *)); + tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *)); tmp_config->attrs[0] = slapi_ch_strdup(attrName); /* There is no subtrees */