From 25509705c3611413c8a26e581033b4281cbbb182 Mon Sep 17 00:00:00 2001 From: Debian 389ds Team Date: Wed, 10 May 2017 07:25:03 +0100 Subject: [PATCH] fix-48986-cve-2017-2591 commit ffda694dd622b31277da07be76d3469fad86150f Author: William Brown Date: Wed Sep 28 10:46:21 2016 +1000 Ticket 48986 - 47808 triggers overflow in uiduniq.c Bug Description: Certain configurations of uiduniq.c would cause an overflow when running with Address Sanitiser Fix Description: Increase the size of the allocation to tmp_config->attrs. https://fedorahosted.org/389/ticket/48986 Author: nhosoi Reviewed by: wibrown Gbp-Pq: Name fix-48986-cve-2017-2591.diff --- ldap/servers/plugins/uiduniq/uid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c index f842654..7a55969 100644 --- a/ldap/servers/plugins/uiduniq/uid.c +++ b/ldap/servers/plugins/uiduniq/uid.c @@ -299,7 +299,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry) } /* Store attrName in the config */ - tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *)); + tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *)); tmp_config->attrs[0] = slapi_ch_strdup(attrName); argc--; argv++; /* First argument was attribute name and remaining are subtrees */ @@ -340,7 +340,7 @@ uniqueness_entry_to_config(Slapi_PBlock *pb, Slapi_Entry *config_entry) * - requiredObjectClass */ /* Store attrName in the config */ - tmp_config->attrs = (const char **) slapi_ch_calloc(1, sizeof(char *)); + tmp_config->attrs = (const char **) slapi_ch_calloc(2, sizeof(char *)); tmp_config->attrs[0] = slapi_ch_strdup(attrName); /* There is no subtrees */ -- 2.30.2