#3883 In ipadb_fill_info we use the wrong size to memset
Closed: Fixed. Opened 7 years ago by simo.

info3->base.LMSessionKey is memset using sizeof(info3->base.keys), which is larger.
This will cause an overwrite of the fields that follow LMSessionKey. Luckily, those fields are set only after LMSessionKey is cleared, so this is not seen. A compiler that optimizes aggressively, though, may reorder operations, and that could lead to issues.

Coverity ID:11909 Out-of-bounds access

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 3.3.x - 2013/08 (bug fixing)

4 years ago
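The pattern reported in this ticket, as an added example that is not FreeIPA or Samba code: `struct demo_base`, its field names and its field sizes are constructed stand-ins. Unlike the code in the ticket, the demo sets the neighbouring fields before the clear so the overwrite is visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the structure in the ticket; names and sizes
 * are assumptions for illustration, not the real definition. */
struct demo_base {
    uint8_t  key[16];         /* larger member whose size was used by mistake */
    uint8_t  lm_sess_key[8];  /* member that was meant to be cleared */
    uint32_t acct_flags;      /* members that follow it */
    uint32_t sub_auth_status;
};

/* Bytes by which a memset of `len` bytes at lm_sess_key runs past it. */
size_t spill_bytes(size_t len)
{
    size_t field = sizeof(((struct demo_base *)0)->lm_sess_key);
    return len > field ? len - field : 0;
}

/* Wrong: length taken from a different, larger member. The write goes
 * through a byte pointer to the whole struct so the demo stays inside
 * one object while reproducing the same byte range. */
void clear_wrong_size(struct demo_base *b)
{
    unsigned char *p = (unsigned char *)b + offsetof(struct demo_base, lm_sess_key);
    memset(p, 0, sizeof(b->key));
}

/* Right: sizeof is applied to the same member that is being cleared. */
void clear_right_size(struct demo_base *b)
{
    memset(b->lm_sess_key, 0, sizeof(b->lm_sess_key));
}

/* Returns 1 if the members after lm_sess_key survive the clear. */
int neighbours_intact(void (*clear)(struct demo_base *))
{
    struct demo_base b;
    memset(&b, 0xAA, sizeof(b));
    b.acct_flags = 0x10;
    b.sub_auth_status = 0x20;
    clear(&b);
    return b.acct_flags == 0x10 && b.sub_auth_status == 0x20;
}

int main(void)
{
    printf("spill: %zu bytes\n", spill_bytes(sizeof(((struct demo_base *)0)->key)));
    printf("wrong size keeps neighbours: %d\n", neighbours_intact(clear_wrong_size));
    printf("right size keeps neighbours: %d\n", neighbours_intact(clear_right_size));
    return 0;
}
```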
