Ticket 49471 - heap-buffer-overflow in ss_unescape
Bug Description:
Two problems here
- when searching for wildcard and escape char, ss_unescape assumes the string
is at least 3 chars longs. So memcmp can overflow a shorter string
- while splitting a string into substring pattern, it loops over
wildcard and can overpass the string end
Fix Description:
For the first problem, it checks the string size is long enough to memcmp
a wildcard or an escape
For the second it exits from the loop as soon as the end of the string is reached
https://pagure.io/389-ds-base/issue/49471
Reviewed by: William Brown
Platforms tested: F23
Flag Day: no
Doc impact: no
(cherry picked from commit 5991388ce75fba8885579b769711d57acfd43cd3)
(cherry picked from commit 3fb1c408cb4065de8d9c0c1de050d08969d51bb0)