
openldap-2.3.34-5.3mdv2007.1.src.rpm

http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.122&hideattic=1&sortbydate=0

diff -u -r1.120 -r1.122
--- libraries/liblber/io.c	2008/01/07 23:20:03	1.120
+++ libraries/liblber/io.c	2008/07/01 23:33:15	1.122
@@ -522,14 +522,18 @@
 	}
 
 	while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
-		(char *)&ber->ber_len + LENSIZE*2 -1) {
+		(char *)&ber->ber_len + LENSIZE*2) {
 		ber_slen_t sblen;
 		char buf[sizeof(ber->ber_len)-1];
 		ber_len_t tlen = 0;
 
+		/* The tag & len can be at most 9 bytes; we try to read up to 8 here */
 		sock_errset(0);
-		sblen=ber_int_sb_read( sb, ber->ber_rwptr,
-			((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
+		sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
+		/* Trying to read the last len byte of a 9 byte tag+len */
+		if (sblen<1)
+			sblen = 1;
+		sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
 		if (sblen<=0) return LBER_DEFAULT;
 		ber->ber_rwptr += sblen;
 
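Review bot: The clamp `if (sblen<1) sblen = 1;` is in bounds only because the widened loop condition keeps `ber->ber_rwptr` below `(char *)&ber->ber_len + LENSIZE*2`, and nothing in the hunk states that invariant. The same end address is now written with two different offsets (`LENSIZE*2` in the condition, `LENSIZE*2 - 1` in the length computation), and the added comment hard-codes 9 and 8 instead of relating them to LENSIZE, so the three can drift apart. I would name the limit once, e.g. `char *hdr_end = (char *)&ber->ber_len + LENSIZE*2;`, and comment the clamp with `/* loop condition leaves >= 1 byte before hdr_end, so a 1-byte read stays in bounds */`. The read writes straight into the struct starting at `ber_tag`, so the bound presumably also relies on the layout of the fields after `ber_len`, which is not visible here; the enclosing function starts and ends outside the hunk.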
@@ -579,7 +583,7 @@
 			int i;
 			unsigned char *p = (unsigned char *)ber->ber_ptr;
 			int llen = *p++ & 0x7f;
-			if (llen > (int)sizeof(ber_len_t)) {
+			if (llen > LENSIZE) {
 				sock_errset(ERANGE);
 				return LBER_DEFAULT;
 			}
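Review bot: The new bound `llen > LENSIZE` caps the number of length octets, but the hunk shows no lower bound: `llen` is `*p++ & 0x7f`, so a value of 0 passes this check. If this branch is the long-form length path (its condition is outside the hunk), a zero count is the BER indefinite-length marker, and it is worth confirming that the code after the hunk rejects it or handles it deliberately. A one-line comment such as `/* LENSIZE = max length octets accepted; must agree with the header read bound */` would also tie this check to the `LENSIZE*2` limit used by the read loop earlier in the function. The enclosing block continues past the last visible line.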