Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 557185

Summary: Unterminated string after strncpy in Retro Changelog Plugin
Product: [Retired] 389
Reporter: Endi Sukma Dewata <edewata>
Component: Server - Plugins
Assignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE
QA Contact: Viktor Ashirov <vashirov>
Severity: medium
Priority: low
Version: 1.2.1
CC: amsharma, jgalipea
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2015-12-07 17:15:29 UTC
Bug Blocks: 639035    
Attachments:
Description Flags
Patch rmeggins: review+

Description Endi Sukma Dewata 2010-01-20 17:01:05 UTC
The string retrocl_attributes[i] in the following code (retrocl.c:360) is not null terminated:

    retrocl_attributes[i] = slapi_ch_malloc(pos-value+1);
    strncpy(retrocl_attributes[i], value, pos-value);

According to the strncpy() manual, if there is no null byte among the first n bytes of src, the string placed in dest will not be null terminated, which is the case here. It can be fixed by adding this code:

    retrocl_attributes[i][pos-value] = '\0';
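
The pattern from the report, as an added stand-alone example (not code from retrocl.c or from the attached patch). It assumes `malloc()` in place of `slapi_ch_malloc()`, a constructed input string, and that `pos` points at a `:` delimiter inside `value`; `copy_prefix` and `is_terminated` are hypothetical helper names. The buffer is pre-filled so the missing terminator can be observed without reading out of bounds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy the bytes [value, pos) into a fresh buffer of
 * pos-value+1 bytes, the same sizing as on the page. The buffer is first
 * filled with 'X' to model stale heap contents, because malloc() does not
 * zero memory. terminate == 0 reproduces the reported pattern; 1 applies
 * the manual termination. */
static char *copy_prefix(const char *value, const char *pos, int terminate)
{
    size_t n = (size_t)(pos - value);
    char *dst = malloc(n + 1);
    if (dst == NULL)
        return NULL;
    memset(dst, 'X', n + 1);
    strncpy(dst, value, n);   /* no NUL among the first n bytes of value */
    if (terminate)
        dst[n] = '\0';        /* terminator written by hand */
    return dst;
}

/* Hypothetical helper: 1 if a NUL byte exists inside the n+1 byte buffer. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n + 1) != NULL;
}

int main(void)
{
    const char *value = "attr:alias";      /* constructed sample input */
    const char *pos = strchr(value, ':');  /* assumed split point */
    size_t n = (size_t)(pos - value);

    char *bad = copy_prefix(value, pos, 0);
    char *good = copy_prefix(value, pos, 1);
    if (bad == NULL || good == NULL)
        return 1;

    printf("strncpy only:    terminated=%d\n", is_terminated(bad, n));
    printf("with terminator: terminated=%d, string=\"%s\"\n",
           is_terminated(good, n), good);
    free(bad);
    free(good);
    return 0;
}
```
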

Comment 1 Endi Sukma Dewata 2010-01-20 17:04:41 UTC
Created attachment 385723
Patch

Comment 2 Rich Megginson 2010-01-20 17:23:50 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   f6d937e..9f91c67  master -> master

commit 9f91c67cfc9de5378527cfdb497cd11d9df1a54b
Author: Endi S. Dewata <edewata>
Date:   Tue Jan 19 15:49:52 2010 -0600

    Bug 557185 - Unterminated string after strncpy in Retro Changelog Plugin
    
    According to the strncpy() manual, if there is no null byte among the
    first n bytes of src, the string placed in dest will not be null
    terminated. To fix the problem the null byte should be added manually.
    Reviewed by: rmeggins
    Pushed by: rmeggins

Comment 6 Amita Sharma 2011-07-27 07:57:44 UTC
Yes. I have added the automated test cases to tet under the cl5 test suite:

mmrepl cl5 startup    100% (1/1)
mmrepl cl5 run        100% (3/3)
mmrepl cl5 cleanup    100% (1/1)

hence marking VERIFIED.