Buffer overrun in User comments

Version 1.521


Casting issue where a unsigned negative number is larger than a positive unsigned number caused the "should it grow" check on the buffer to return false. This caused DA to access memory out of it's allowed bounds, but did not trigger a segfault, but rather an invalid pointer error: *** Error in `./directadmin': munmap_chunk(): invalid pointer: 0x00007f9fcab48d20 ***

Interested to try DirectAdmin? Get a 30-day Free Trial!