Fix buffer overflow bug (ITS#1345)

diff --git a/CHANGES b/CHANGES
index 19ef695ce9cc73a8efae5307b90165fe24493322..b69eddd7c4eb5afe0ac73c2f004a69726e9eb234 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 OpenLDAP 2.0 Change Log
 
 OpenLDAP 2.0.16 Engineering
+       Fixed CR/LF handling (ITS#1328)
+       Fixed slapd/slurpd max args bug (ITS#1343)
+       Fixed slurpd server down reject fix (ITS#1183)
+       Fixed -llber ber_realloc bug (ITS#1346)
 
 OpenLDAP 2.0.15 Release
        Fixed -lldap TLS external handling

diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
index 37620e5a2984016ba7d13647fc8d61e16f4438a9..f6183cc5077d7f96d56434ba0cf188f9acad4e34 100644 (file)
--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
@@ -34,8 +34,6 @@
 
 #include "lber-int.h"
 
-#define EXBUFSIZ       1024
-
 static ber_slen_t
 BerRead(
        Sockbuf *sb,
@@ -123,7 +121,7 @@ ber_write(
 int
 ber_realloc( BerElement *ber, ber_len_t len )
 {
-       ber_len_t       need, have, total;
+       ber_len_t       total;
        Seqorset        *s;
        long            off;
        char            *oldbuf;
@@ -134,9 +132,9 @@ ber_realloc( BerElement *ber, ber_len_t len )
        assert( BER_VALID( ber ) );
 
        total = ber_pvt_ber_total( ber );
-       have = total / EXBUFSIZ;
-       need = (len < EXBUFSIZ ? 1 : (len + (EXBUFSIZ - 1)) / EXBUFSIZ);
-       total = have * EXBUFSIZ + need * EXBUFSIZ;
+
+#define EXBUFSIZ       1000
+       total += len < EXBUFSIZ ? EXBUFSIZ : len;
 
        oldbuf = ber->ber_buf;