3ca2f60 Bug 720059 - RDN with % can cause crashes or missing entries

Authored and Committed by rmeggins 12 years ago
    Bug 720059 - RDN with % can cause crashes or missing entries
    
    https://bugzilla.redhat.com/show_bug.cgi?id=720059
    Resolves: bug 720059
    Bug Description: RDN with % can cause crashes or missing entries
    Reviewed by: nhosoi (Thanks!)
    Branch: RHEL-6
    Fix Description: The code was using PR_snprintf to copy the RDN to the
    buffer used to store the value in the entryrdn index.  If there was
    a % in the value, the PR_snprintf was interpreting the next char as a
    formatting directive.  But since we don't pass any varargs arguments,
    the formatting directive was using random garbage on the stack, which
    can lead to crashes or missing entries or other undefined behavior.
    The fix is to use PL_strncpyz which will just copy the string up to
    the correct buffer size and will make sure the string is properly
    null terminated.
    You can use a simple C program to illustrate this problem:
    
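    #include <stdio.h>
    #include <prprf.h>   /* PR_snprintf */

    int
    main(int argc, char *argv[])
    {
        char buf[10];
        argv++;
        for (; *argv; ++argv) {
            /* each argument is passed as the format string, with no varargs */
            PR_snprintf(buf, sizeof(buf), *argv);
            printf("buf is [%s]\n", buf);
        }
    
        return 0;
    }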
    gcc -o testit testit.c -lnspr4
    Then pass in values like %d %100s %100.100s and so on.  You will either
    get crashes or random output.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
    (cherry picked from commit 0263e0bffdfcb9cf59b7c6ba29f060987d06449a)
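
The fix described in the commit message, shown as an added example that is not part of the original commit: the value is copied as data, never used as a format string. To build without NSPR, `copy_bounded` is a hypothetical stand-in assumed to follow the contract the message gives for `PL_strncpyz` (copy up to the buffer size, always null terminate); `copy_with_fixed_format`, `rdn_roundtrips` and the sample RDN values are also constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for PL_strncpyz: copies at most max-1 bytes of src
 * and always NUL-terminates dest. '%' is copied like any other byte. */
static char *copy_bounded(char *dest, const char *src, size_t max)
{
    size_t i;
    if (dest == NULL || src == NULL || max == 0)
        return NULL;
    for (i = 0; i + 1 < max && src[i] != '\0'; i++)
        dest[i] = src[i];
    dest[i] = '\0';
    return dest;
}

/* Alternative when a printf-style call must stay: the format is a constant
 * and the untrusted value is passed as an argument to "%s". */
static int copy_with_fixed_format(char *dest, size_t max, const char *src)
{
    return snprintf(dest, max, "%s", src);
}

/* Returns 1 when both safe copies hold the first max-1 bytes of rdn verbatim. */
static int rdn_roundtrips(const char *rdn, size_t max)
{
    char a[64], b[64];
    size_t want;
    if (max == 0 || max > sizeof(a))
        return 0;
    want = strlen(rdn) < max - 1 ? strlen(rdn) : max - 1;
    copy_bounded(a, rdn, max);
    copy_with_fixed_format(b, max, rdn);
    return strlen(a) == want && memcmp(a, rdn, want) == 0 && strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample RDN values containing '%' sequences. */
    const char *samples[] = { "cn=100%d", "ou=%100s", "cn=%100.100s", "uid=plain", NULL };
    char buf[10];
    for (const char **s = samples; *s; ++s) {
        copy_bounded(buf, *s, sizeof(buf));
        printf("buf is [%s] roundtrip=%d\n", buf, rdn_roundtrips(*s, sizeof(buf)));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC or Clang) flags calls to the standard printf family whose format argument is not a string literal and that pass no arguments.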