The Samba-Bugzilla – Attachment 16500 Details for
Bug 14655
CVE-2021-20277 [SECURITY] out of bounds read in ldb_handler_fold
the immediate fix (leaving other bugs)
0001-ldb-attrib_handlers-casefold-stay-in-bounds.patch (text/plain), 992 bytes, created by
Douglas Bagnall
on 2021-03-05 09:50:10 UTC
>From f6bcf3ecbd77295cc55da7425b873337112b3afd Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Tue, 8 Dec 2020 21:32:09 +1300 >Subject: [PATCH] ldb/attrib_handlers casefold: stay in bounds > >For a string that had N spaces at the beginning, we would >try to move N bytes beyond the end of the string. > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >--- > lib/ldb/common/attrib_handlers.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c >index b5212b73159..c6ef5ad477b 100644 >--- a/lib/ldb/common/attrib_handlers.c >+++ b/lib/ldb/common/attrib_handlers.c >@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, > > /* remove leading spaces if any */ > if (*s == ' ') { >- for (t = s; *s == ' '; s++) ; >+ for (t = s; *s == ' '; s++, l--) ; > > /* remove leading spaces by moving down the string */ > memmove(t, s, l); >-- >2.20.1 >
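Review bot: The rewritten loop, `for (t = s; *s == ' '; s++, l--) ;`, still terminates only on the character test and never on `l`. It is safe only if a non-space byte (such as a terminator) is guaranteed to appear within the `l` bytes being scanned, and nothing in the visible context shows that guarantee. For a value made up entirely of spaces, `s` would walk past the end and `l` would be decremented below zero, or wrap if it is unsigned, before reaching `memmove(t, s, l)`. Consider bounding the scan on the length as well, for example `for (t = s; l > 0 && *s == ' '; s++, l--) ;`. Since `memmove` now moves fewer bytes than before, it is also worth confirming that the code after this hunk re-terminates the string at the new length. The commit message describes the N-leading-spaces case precisely, so a regression test with such a value, and one with an all-space value, would fit well alongside this change.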