557185 – Unterminated string after strncpy in Retro Changelog Plugin

Bug 557185 - Unterminated string after strncpy in Retro Changelog Plugin

Summary: Unterminated string after strncpy in Retro Changelog Plugin

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Server - Plugins
Sub Component:
Version:	1.2.1
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	639035
TreeView+	depends on / blocked

Reported:	2010-01-20 17:01 UTC by Endi Sukma Dewata
Modified:	2015-12-07 17:15 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-12-07 17:15:29 UTC
Embargoed:

Attachments	(Terms of Use)
Patch (1.16 KB, patch) 2010-01-20 17:04 UTC, Endi Sukma Dewata	rmeggins: review+	Details \| Diff
View All

Description Endi Sukma Dewata 2010-01-20 17:01:05 UTC

The string retrocl_attributes[i] in the following code (retrocl.c:360) is not null terminated:

    retrocl_attributes[i] = slapi_ch_malloc(pos-value+1);
    strncpy(retrocl_attributes[i], value, pos-value);

According to the strncpy() manual, if there is no null byte among the first n bytes of src, the string placed in dest will not be null terminated, which is the case here. It can be fixed by adding this code:

    retrocl_attributes[i][pos-value] = NULL;

Comment 1 Endi Sukma Dewata 2010-01-20 17:04:41 UTC

Created attachment 385723 [details]
Patch

Comment 2 Rich Megginson 2010-01-20 17:23:50 UTC

To ssh://git.fedorahosted.org/git/389/ds.git
   f6d937e..9f91c67  master -> master

commit 9f91c67cfc9de5378527cfdb497cd11d9df1a54b
Author: Endi S. Dewata <edewata>
Date:   Tue Jan 19 15:49:52 2010 -0600

    Bug 557185 - Unterminated string after strncpy in Retro Changelog Plugin
    
    According to the strncpy() manual, if there is no null byte among the
    first n bytes of src, the string placed in dest will not be null
    terminated. To fix the problem the null byte should be added manually.
    Reviewed by: rmeggins
    Pushed by: rmeggins

Comment 6 Amita Sharma 2011-07-27 07:57:44 UTC

Yes. I have added the automated test cases to tet under  cl5 test suit:

mmrepl cl5 startup 	100% (1/1) 	  	 
mmrepl cl5 run 	100% (3/3) 	  	 
mmrepl cl5 cleanup 	100% (1/1)

hence marking VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.