Public bug reported:

Binary package hint: libkolab-perl

/usr/bin/kolab_smtpdpolicy has a format string bug.

Test case:
emanuel@emanuel-desktop:/tmp$ /usr/bin/kolab_smtpdpolicy  -ldap "Bug%n.."
Modification of a read-only value attempted at /usr/bin/kolab_smtpdpolicy line 161, <DATA> line 353.
emanuel@emanuel-desktop:/tmp$ /usr/bin/kolab_smtpdpolicy  -v -basedn "a%n"
Modification of a read-only value attempted at /usr/bin/kolab_smtpdpolicy line 161, <DATA> line 353.

The bug can be found at:
1)
sub ldap_connect {
    my $ldapuri = URI->new($conf_ldapuri) || fatal_exit("error: could not parse given uri $conf_ldapuri");
    $ldap = Net::LDAP->new($conf_ldapuri) || fatal_exit("could not connect ldap server $conf_ldapuri: $@");

2)
if( $verbose ) {
  mylog( $syslog_priority, "ldap=$conf_ldapuri, basedn=$conf_basedn, binddn=$conf_binddn");
}

Fix:
All calls to the mylog and fatal_exit functions need to be checked for format string bugs, and a format added where it is missing, like:
mylog( $syslog_priority, "ldap=%s, basedn=%s, binddn=%s", $conf_ldapuri, $conf_basedn, $conf_binddn);

** Affects: libkolab-perl (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/781959

Title:
  Format string bug in kolab_smtpdpolicy

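One way to carry out the check the report asks for, as an added example that is not part of the original report or of kolab_smtpdpolicy: a small Perl scanner that flags mylog and fatal_exit calls whose format string interpolates a variable. The sample lines are constructed from the calls quoted in the report, and the argument positions (format first for fatal_exit, second for mylog) are assumed from those calls.

```perl
#!/usr/bin/perl
# Added example (not from kolab_smtpdpolicy): flag mylog()/fatal_exit() calls
# whose format argument is a double-quoted string that interpolates a variable.
# Heuristic only: it sees single-line double-quoted literals, not heredocs,
# qq{} strings or concatenated formats.
use strict;
use warnings;

# Constructed sample input, modelled on the calls quoted in the report.
my @source = (
    q{$ldap = Net::LDAP->new($conf_ldapuri) || fatal_exit("could not connect ldap server $conf_ldapuri: $@");},
    q{mylog( $syslog_priority, "ldap=$conf_ldapuri, basedn=$conf_basedn, binddn=$conf_binddn");},
    q{mylog( $syslog_priority, "ldap=%s, basedn=%s, binddn=%s" , $conf_ldapuri , $conf_basedn , $conf_binddn);},
    q{fatal_exit("error: no configuration found");},
);

# Returns the variables interpolated into the format argument of a
# mylog()/fatal_exit() call on this line, or an empty list if there are none.
sub interpolated_format_vars {
    my ($line) = @_;
    my @found;
    # Assumed argument order: fatal_exit(FORMAT, ...), mylog(PRIORITY, FORMAT, ...).
    while ($line =~ /\b(?:fatal_exit\s*\(\s*|mylog\s*\(\s*[^,]+,\s*)"((?:[^"\\]|\\.)*)"/g) {
        my $format = $1;
        # An unescaped sigil followed by a name (or $@) is interpolation.
        push @found, $format =~ /(?<!\\)([\$\@](?:\w+|\@))/g;
    }
    return @found;
}

my $lineno = 0;
for my $line (@source) {
    $lineno++;
    my @vars = interpolated_format_vars($line);
    next unless @vars;
    # Constant format string; the findings are passed as arguments.
    printf "line %d: format interpolates %s; pass the values as arguments with %%s instead\n",
        $lineno, join(', ', @vars);
}
```

Calls that keep the format constant and pass the values as arguments, like the corrected mylog call in the report, produce no finding.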