changeset 9875:575a3c22a661

6836899 sasl_encode() is vulnerable to buffer overflow (VU#238019)
author Ritwik Ghoshal <Ritwik.Ghoshal@Sun.COM>
date Tue, 16 Jun 2009 06:00:14 -0700
parents 443951628139
children fd1599e394c8
files usr/src/lib/libsasl/lib/saslutil.c
diffstat 1 files changed, 4 insertions(+), 6 deletions(-) [+]
--- a/usr/src/lib/libsasl/lib/saslutil.c	Tue Jun 16 02:49:15 2009 -0700
+++ b/usr/src/lib/libsasl/lib/saslutil.c	Tue Jun 16 06:00:14 2009 -0700
@@ -1,8 +1,7 @@
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
 
 /* saslutil.c
  * Rob Siemborski
@@ -142,7 +141,7 @@
     olen = (inlen + 2) / 3 * 4;
     if (outlen)
       *outlen = olen;
-    if (outmax < olen)
+    if (outmax <= olen)
       return SASL_BUFOVER;
 
     /* Do the work... */
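Review bot: The size stored through `outlen` still excludes the terminator, while the new test `outmax <= olen` requires a buffer of at least olen + 1 bytes, so a caller that gets SASL_BUFOVER and retries with exactly `*outlen` bytes will fail again. A comment at the check would make the contract explicit, for example `/* out must hold olen + 1 bytes: the encoded text plus the terminating NUL */`. Separately, `(inlen + 2)` can wrap if inlen is an unsigned type near its maximum (its declaration is outside the hunk), which would make olen small enough to pass this check; rejecting such inlen values before the computation would close that. The function's signature and the encoding loop are outside this hunk.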
@@ -168,9 +167,8 @@
         *out++ = '=';
     }
 
-    if (olen < outmax)
-      *out = '\0';
-    
+    *out = '\0';
+ 
     return SASL_OK;
 }
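Review bot: The now unconditional `*out = '\0';` is safe only because of the `outmax <= olen` rejection earlier in the function, and nothing at the write says so. A one-line comment such as `/* room for the NUL is guaranteed by the outmax > olen check above */` would keep a later edit of that check from silently reintroducing the one-byte overflow. The added blank line after the store also carries a trailing space. The start of the function is outside this hunk.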