ITS#7291 MozNSS: read pin from file file can cause infinite loop

The buffer allocated for reading the password file has to be initialized
with zeros, or we need to append a zero at the end of the file. Otherwise
we might read uninitialized memory and consider it to be a password.
Jan Vcelak 2012-06-06 14:44:53 +02:00 committed by Howard Chu
parent 4b6bd2c600
commit 00d0e16272


@ -786,7 +786,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
}
/* create a buffer to hold the file contents */
if ( !( contents = PR_MALLOC( file_info.size + 1 ) ) ) {
if ( !( contents = PR_CALLOC( file_info.size + 1 ) ) ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
"TLS: could not alloc a buffer for contents of pin file %s - error %d:%s.\n",