Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry-picked from commit for master)
  • Loading branch information
douglasbagnall authored and kseeger committed Mar 19, 2021
1 parent 50e4487 commit fab6b79
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/ldb/common/attrib_handlers.c
Expand Up @@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,

/* remove leading spaces if any */
if (*s == ' ') {
for (t = s; *s == ' '; s++) ;
for (t = s; *s == ' '; s++, l--) ;

/* remove leading spaces by moving down the string */
memmove(t, s, l);
Expand Down

0 comments on commit fab6b79

Please sign in to comment.