From ccb4f4854a8d8728d7e016c8ad47ae63351c0460 Mon Sep 17 00:00:00 2001 From: HAMANO Tsukasa Date: Wed, 1 Sep 2021 18:42:10 +0900 Subject: [PATCH] ITS#9643 Fix out of bounds read in entry_decode() --- servers/slapd/entry.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c index 7c78239c96..04df2faf8d 100644 --- a/servers/slapd/entry.c +++ b/servers/slapd/entry.c @@ -845,7 +845,8 @@ int entry_decode(EntryHeader *eh, Entry **e) a = x->e_attrs; bptr = (BerVarray)eh->bv.bv_val; - while ((i = entry_getlen(&ptr))) { + while (((char *)ptr - eh->bv.bv_val < eh->bv.bv_len) && + (i = entry_getlen(&ptr))) { struct berval bv; bv.bv_len = i; bv.bv_val = (char *) ptr;