Commit 02cba98c authored by Hallvard Furuseth's avatar Hallvard Furuseth
Browse files

Protect from sprintf buffer overrun in ldapsearch -f file "(cn=%100000s)"

parent b70d6dd8
......@@ -1049,13 +1049,18 @@ static int dosearch(
int cancel_msgid = -1;
if( filtpatt != NULL ) {
filter = malloc( strlen( filtpatt ) + strlen( value ) );
size_t max_fsize = strlen( filtpatt ) + strlen( value ) + 1;
filter = malloc( max_fsize );
if( filter == NULL ) {
perror( "malloc" );
return EXIT_FAILURE;
}
sprintf( filter, filtpatt, value );
if( snprintf( filter, max_fsize, filtpatt, value ) >= max_fsize ) {
fprintf( stderr, "Bad filter pattern: \"%s\"\n", filtpatt );
free( filter );
return EXIT_FAILURE;
}
if ( verbose ) {
fprintf( stderr, _("filter: %s\n"), filter );
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment