[Fedora-directory-commits] adminserver/admserv/cgi-src40 security.c, 1.21, 1.22

Richard Allen Megginson rmeggins at fedoraproject.org
Fri Apr 3 16:06:21 UTC 2009


Author: rmeggins

Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7989/adminserver/admserv/cgi-src40

Modified Files:
	security.c 
Log Message:
Resolves: bug 493989
Bug Description: Admin Server: valgrind invalid read in security.c when installing CRL
Reviewed by: nkinder (Thanks!)
Fix Description: security.c uses strstr to search for the begin and end crl header and footer.  This assumes the buffer is null terminated, but it is not.  The fix is to null terminate the buffer.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no



Index: security.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- security.c	10 Feb 2009 17:49:46 -0000	1.21
+++ security.c	3 Apr 2009 16:06:18 -0000	1.22
@@ -1560,6 +1560,8 @@
         memcpy(ascii+asciiLen, buf, size);
         asciiLen += size;
       }
+      ascii = (unsigned char*) PORT_Realloc(ascii, asciiLen + 1);
+      ascii[asciiLen] = '\0'; /* null terminate string */
 
       fclose(f);
     }  
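Review bot: the return value of PORT_Realloc on the first added line is stored straight into ascii and dereferenced on the next line with no NULL check. If the reallocation fails, ascii[asciiLen] = '\0' writes through a NULL pointer, and the original buffer is leaked because its only pointer has just been overwritten. Assign the result to a temporary, check it, and only then replace ascii and write the terminator. Because the added lines sit before fclose(f), the failure path also needs to close f before bailing out.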



