https://bugs.openldap.org/show_bug.cgi?id=10357

          Issue ID: 10357
           Summary: Potential buffer underflow in function config_find_base
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

In function `config_find_base`, we have the code:
```c
char *c = dn->bv_val+dn->bv_len;
for (;*c != ',';c--);
```

In the loop, if the string doesn't contain any commas, `c` will decrement below
`dn->bv_val`, causing buffer underflow when `*c` is accessed.

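A bounded form of the backward scan described in the report, as an added example; it is not OpenLDAP's code and not the project's fix. `struct bv`, `last_comma` and `last_comma_offset` are hypothetical names standing in for the `dn` berval and its `bv_val`/`bv_len` fields, and the sample DNs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the berval the report refers to (assumption: only the
 * two fields used in the quoted loop, bv_val and bv_len). */
struct bv {
    size_t bv_len;
    char  *bv_val;
};

/* Bounded backward scan: return a pointer to the last ',' in the DN,
 * or NULL if there is none. The cursor never moves below bv_val, and
 * the byte at bv_val[bv_len] is never read. */
static char *last_comma(const struct bv *dn)
{
    if (dn == NULL || dn->bv_val == NULL)
        return NULL;

    char *c = dn->bv_val + dn->bv_len;   /* one past the last byte */
    while (c > dn->bv_val) {
        c--;                             /* step first, then inspect */
        if (*c == ',')
            return c;
    }
    return NULL;                         /* no comma: caller must handle it */
}

/* Helper for the constructed inputs: offset of the last comma in s,
 * or -1 when s contains none. */
static long last_comma_offset(const char *s)
{
    struct bv dn = { strlen(s), (char *)s };
    char *c = last_comma(&dn);
    return c ? (long)(c - dn.bv_val) : -1;
}

int main(void)
{
    /* Constructed sample DNs, not taken from the report. */
    const char *samples[] = { "olcDatabase={1}mdb,cn=config", "cn=config", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %ld\n", samples[i], last_comma_offset(samples[i]));
    return 0;
}
```

The comma-less and empty inputs are the cases the report is about: the bounded loop stops at `bv_val` and returns `NULL` instead of reading memory before the buffer.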