From 393b19b44922a2be1a55f38620911b0e3568fe1c Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 27 Sep 2001 04:40:11 +0000
Subject: [PATCH] Fix buffer overflow bug (ITS#1345)

---
 CHANGES                |  4 ++++
 libraries/liblber/io.c | 10 ++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index 19ef695ce9..b69eddd7c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 OpenLDAP 2.0 Change Log
 
 OpenLDAP 2.0.16 Engineering
+	Fixed CR/LF handling (ITS#1328)
+	Fixed slapd/slurpd max args bug (ITS#1343)
+	Fixed slurpd server down reject fix (ITS#1183)
+	Fixed -llber ber_realloc bug (ITS#1346)
 
 OpenLDAP 2.0.15 Release
 	Fixed -lldap TLS external handling
diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
index 37620e5a29..f6183cc507 100644
--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
@@ -34,8 +34,6 @@
 
 #include "lber-int.h"
 
-#define EXBUFSIZ	1024
-
 static ber_slen_t
 BerRead(
 	Sockbuf *sb,
@@ -123,7 +121,7 @@ ber_write(
 int
 ber_realloc( BerElement *ber, ber_len_t len )
 {
-	ber_len_t	need, have, total;
+	ber_len_t	total;
 	Seqorset	*s;
 	long		off;
 	char		*oldbuf;
@@ -134,9 +132,9 @@ ber_realloc( BerElement *ber, ber_len_t len )
 	assert( BER_VALID( ber ) );
 
 	total = ber_pvt_ber_total( ber );
-	have = total / EXBUFSIZ;
-	need = (len < EXBUFSIZ ? 1 : (len + (EXBUFSIZ - 1)) / EXBUFSIZ);
-	total = have * EXBUFSIZ + need * EXBUFSIZ;
+
+#define EXBUFSIZ	1000
+	total += len < EXBUFSIZ ? EXBUFSIZ : len;
 
 	oldbuf = ber->ber_buf;
 
-- 
2.47.2