[PATCH] validateascii in idmapd.c access beyond end of array.

Neil Brown Sun, 17 Feb 2008 18:45:22 -0800

If validateascii is passed a string containing only non-zero 7bit
values, then the loop with exit with i == len, and the following
test will access beyond the end of the array.


So add an extra test to fix this.

Found by Marcus Meissner <[EMAIL PROTECTED]>.

Signed-off-by: NeilBrown <[EMAIL PROTECTED]>

diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index 355c6e1..6b5971c 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -848,7 +848,7 @@ validateascii(char *string, u_int32_t len)
                        return (-1);
        }
 
-       if (string[i] != '\0')
+       if ((i >= len) || string[i] != '\0')
                return (-1);
 
        return (i + 1);
-
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] validateascii in idmapd.c access beyond end of array.

Reply via email to