
List:       oss-security
Subject:    Re: [oss-security] CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overfl
From:       Ramon de C Valle <rcvalle () redhat ! com>
Date:       2011-10-28 15:37:46
Message-ID: c0ed7b0e-5668-4bfc-928b-c0fabf9a92da () zmail15 ! collab ! prod ! int ! phx2 ! redhat ! com

> > > I wonder if this is really security relevant as it seems the worst that might
> > > happen is that an authenticated user can crash the daemon. I was not able to do
> > > so during a short test but I guess that is just a matter of trying long enough.
Doug Lea's Malloc stores chunks whose size is smaller than 512 bytes in one of the small bins,
which holds identically sized chunks. The size of a chunk is always a multiple of 8 bytes, and
the first small bin holds 16-byte chunks. Since the minimum allocated size is 16 bytes, it
seems no data that can result in an application crash can be overwritten as a result of this.


-- 
Ramon de C Valle / Red Hat Security Response Team

