[Pkg-openldap-devel] Bug#647610: CVE-2011-4079: Denial of Service through off-by-one
Petter Reinholdtsen
pere at hungry.com
Wed Nov 16 09:45:33 UTC 2011
I found these comments from Ramon de C Valle in the RedHat bugzilla:
(2011-10-28 11:21:16 EDT)
Doug Lea's Malloc stores chunks whose size is smaller than 512 bytes
in one of the small bins, which holds identically sized chunks. The
size of a chunk is always a multiple of 8 bytes, and the first small
bin holds 16-byte chunks. Since the minimum allocated size is 16
bytes, it seems no data that can result in application crash can be
overwritten as a result of this.
(2011-11-15 11:30:35 EST)
The Red Hat Security Response Team does not consider this to be a
security issue. For additional information, refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=749324#c1.
I believe this indicates that when the function is working on memory
blocks from the heap, there will always be spare room and no overwriting
will take place. That leaves on-stack space, which I guess is rarely
used for random UTF-8 strings.
Perhaps this issue isn't really a security problem and the severity
should be reduced?
--
Happy hacking
Petter Reinholdtsen