https://bugs.openldap.org/show_bug.cgi?id=10211

          Issue ID: 10211
           Summary: uid or gid >= 2^31 can crash slapd when performing
                    peercred auth
           Product: OpenLDAP
           Version: 2.6.7
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: b...@openldap.org
          Reporter: n...@portercomputing.co.uk
  Target Milestone: ---

Created attachment 1018
  --> https://bugs.openldap.org/attachment.cgi?id=1018&action=edit
Patch to resolve issue

If a user with uid or gid >= 2^31 performs peercred authentication, slapd can
crash due to incorrect formatting of uid and gid when producing the authid
string.

uid and gid are unsigned int values, but are currently cast to int and printed
with %d.  This results in values >= 2^31 being printed as negatives, which is
wrong, and for some values that will result in a string longer than the space
which has been allocated due to the addition of the leading '-'.

The issue can be reproduced by attempting a peercred auth from a user with uid
and gid 2649996510 - which will currently be printed as -1644970786.

Attached is a patch which rectifies this.

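The length problem described in the report, as an added example (not slapd's code and not the attached patch): it compares the space needed by the cast-to-int `%d` form with the unsigned form, then formats with a bounded `snprintf`. The format strings, buffer size and function names are constructed for illustration, and the example assumes 32-bit `int`, `uid_t` and `gid_t`.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed for this example: an authid-like format and a buffer sized
 * for the widest unsigned 32-bit ids (10 digits each, no sign). */
#define FMT_SIGNED   "gidNumber=%d+uidNumber=%d,cn=peercred"
#define FMT_UNSIGNED "gidNumber=%u+uidNumber=%u,cn=peercred"
#define AUTHID_BUFSZ sizeof("gidNumber=4294967295+uidNumber=4294967295,cn=peercred")

/* Characters needed when ids are cast to int and printed with %d. */
int authid_len_signed(uid_t uid, gid_t gid)
{
    return snprintf(NULL, 0, FMT_SIGNED, (int)gid, (int)uid);
}

/* Characters needed when ids are printed as unsigned. */
int authid_len_unsigned(uid_t uid, gid_t gid)
{
    return snprintf(NULL, 0, FMT_UNSIGNED, (unsigned)gid, (unsigned)uid);
}

/* 1 if the %d form (plus NUL) would not fit in AUTHID_BUFSZ bytes. */
int signed_form_overflows(uid_t uid, gid_t gid)
{
    return (size_t)authid_len_signed(uid, gid) >= AUTHID_BUFSZ;
}

/* Bounded, unsigned formatting: 0 on success, -1 if it would truncate. */
int format_authid(char *buf, size_t size, uid_t uid, gid_t gid)
{
    int n = snprintf(buf, size, FMT_UNSIGNED, (unsigned)gid, (unsigned)uid);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    uid_t id = 2649996510u;               /* value from the report */
    char buf[AUTHID_BUFSZ];

    printf("buffer %zu bytes; %%d form needs %d, %%u form needs %d\n",
           AUTHID_BUFSZ, authid_len_signed(id, id) + 1,
           authid_len_unsigned(id, id) + 1);
    if (format_authid(buf, sizeof buf, id, id) == 0)
        puts(buf);
    return 0;
}
```

Only some ids at or above 2^31 exceed the buffer: 4294967295 becomes `-1` under the cast and is shorter, while 2649996510 becomes an 11-character negative number.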