From: Howard Chu <hyc@openldap.org>
Date: Wed, 5 Dec 2018 10:41:47 +0000 (+0000)
Subject: ITS#8752 (maybe related)
X-Git-Tag: OPENLDAP_REL_ENG_2_4_47~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09aea7d84492dbfe61adf197214f206d99b43469;p=thirdparty%2Fopenldap.git

ITS#8752 (maybe related)

Avoid incremental access to user-supplied bv in dupbv
---

diff --git a/libraries/liblber/memory.c b/libraries/liblber/memory.c
index a99f5044c4..aa1d1e1231 100644
--- a/libraries/liblber/memory.c
+++ b/libraries/liblber/memory.c
@@ -482,7 +482,7 @@ struct berval *
 ber_dupbv_x(
 	struct berval *dst, struct berval *src, void *ctx )
 {
-	struct berval *new;
+	struct berval *new, tmp;
 
 	if( src == NULL ) {
 		ber_errno = LBER_ERROR_PARAM;
@@ -490,7 +490,7 @@ ber_dupbv_x(
 	}
 
 	if ( dst ) {
-		new = dst;
+		new = &tmp;
 	} else {
 		if(( new = ber_memalloc_x( sizeof(struct berval), ctx )) == NULL ) {
 			return NULL;
@@ -500,18 +500,23 @@ ber_dupbv_x(
 	if ( src->bv_val == NULL ) {
 		new->bv_val = NULL;
 		new->bv_len = 0;
-		return new;
-	}
+	} else {
 
-	if(( new->bv_val = ber_memalloc_x( src->bv_len + 1, ctx )) == NULL ) {
-		if ( !dst )
-			ber_memfree_x( new, ctx );
-		return NULL;
+		if(( new->bv_val = ber_memalloc_x( src->bv_len + 1, ctx )) == NULL ) {
+			if ( !dst )
+				ber_memfree_x( new, ctx );
+			return NULL;
+		}
+
+		AC_MEMCPY( new->bv_val, src->bv_val, src->bv_len );
+		new->bv_val[src->bv_len] = '\0';
+		new->bv_len = src->bv_len;
 	}
 
-	AC_MEMCPY( new->bv_val, src->bv_val, src->bv_len );
-	new->bv_val[src->bv_len] = '\0';
-	new->bv_len = src->bv_len;
+	if ( dst ) {
+		*dst = *new;
+		new = dst;
+	}
 
 	return new;
 }