Commit 09aea7d8 authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount
Browse files

ITS#8752 (maybe related)

Avoid incremental access to user-supplied bv in dupbv
parent 18aa4e54
...@@ -482,7 +482,7 @@ struct berval * ...@@ -482,7 +482,7 @@ struct berval *
ber_dupbv_x( ber_dupbv_x(
struct berval *dst, struct berval *src, void *ctx ) struct berval *dst, struct berval *src, void *ctx )
{ {
struct berval *new; struct berval *new, tmp;
if( src == NULL ) { if( src == NULL ) {
ber_errno = LBER_ERROR_PARAM; ber_errno = LBER_ERROR_PARAM;
...@@ -490,7 +490,7 @@ ber_dupbv_x( ...@@ -490,7 +490,7 @@ ber_dupbv_x(
} }
if ( dst ) { if ( dst ) {
new = dst; new = &tmp;
} else { } else {
if(( new = ber_memalloc_x( sizeof(struct berval), ctx )) == NULL ) { if(( new = ber_memalloc_x( sizeof(struct berval), ctx )) == NULL ) {
return NULL; return NULL;
...@@ -500,18 +500,23 @@ ber_dupbv_x( ...@@ -500,18 +500,23 @@ ber_dupbv_x(
if ( src->bv_val == NULL ) { if ( src->bv_val == NULL ) {
new->bv_val = NULL; new->bv_val = NULL;
new->bv_len = 0; new->bv_len = 0;
return new; } else {
}
if(( new->bv_val = ber_memalloc_x( src->bv_len + 1, ctx )) == NULL ) { if(( new->bv_val = ber_memalloc_x( src->bv_len + 1, ctx )) == NULL ) {
if ( !dst ) if ( !dst )
ber_memfree_x( new, ctx ); ber_memfree_x( new, ctx );
return NULL; return NULL;
}
AC_MEMCPY( new->bv_val, src->bv_val, src->bv_len );
new->bv_val[src->bv_len] = '\0';
new->bv_len = src->bv_len;
} }
AC_MEMCPY( new->bv_val, src->bv_val, src->bv_len ); if ( dst ) {
new->bv_val[src->bv_len] = '\0'; *dst = *new;
new->bv_len = src->bv_len; new = dst;
}
return new; return new;
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment