Issue #3883: In ipadb_fill_info we use the wrong size to memset - freeipa

freeipa

#3883 In ipadb_fill_info we use the wrong size to memset

Closed: Fixed None Opened 10 years ago by simo.

info3->base.LMSessionKEY is memset using sizeof(info3->base.keys) which is larger.
This will cause an overwrite of the fields that follow LMSessioKey. Luckily those fields are set only after LMSessionKey is cleared so this is not seen. A compiler that aggressively optimized though may reorder operations and that could lead to issues.

Coverity ID:11909 Out-of-bounds access

pviktori commented 10 years ago

master: f962573[[BR]]
ipa-3-3: 51a4830

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 3.3.x - 2013/08 (bug fixing)

7 years ago

Metadata

Assignee

simo

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.3.x - 2013/08 (bug fixing)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

KDC LDAP driver

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#3883 In ipadb_fill_info we use the wrong size to memset Closed: Fixed None Opened 10 years ago by simo.

Metadata

#3883 In ipadb_fill_info we use the wrong size to memset

Closed: Fixed None Opened 10 years ago by simo.