paranoid check for escaped dn separators when naively checking for rdn boundary
parent
bdb3edefd5
commit
0f64b72a00
@ -352,7 +352,7 @@ acl_get(
|
||||
if ( dnlen <= patlen )
|
||||
continue;
|
||||
|
||||
if ( e->e_ndn[dnlen - patlen - 1] != ',' )
|
||||
if ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) || DN_ESCAPE( e->e_ndn[dnlen - patlen - 2] ) )
|
||||
continue;
|
||||
|
||||
rdn = dn_rdn( NULL, e->e_ndn );
|
||||
@ -364,13 +364,13 @@ acl_get(
|
||||
continue;
|
||||
|
||||
} else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
|
||||
if ( dnlen > patlen && e->e_ndn[dnlen - patlen - 1] != ',' )
|
||||
if ( dnlen > patlen && ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) || DN_ESCAPE( e->e_ndn[dnlen - patlen - 2] ) ) )
|
||||
continue;
|
||||
|
||||
} else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
|
||||
if ( dnlen <= patlen )
|
||||
continue;
|
||||
if ( e->e_ndn[dnlen - patlen - 1] != ',' )
|
||||
if ( !DN_SEPARATOR( e->e_ndn[dnlen - patlen - 1] ) || DN_ESCAPE( e->e_ndn[dnlen - patlen - 2] ) )
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -559,7 +559,7 @@ acl_mask(
|
||||
if ( odnlen <= patlen )
|
||||
continue;
|
||||
|
||||
if ( op->o_ndn[odnlen - patlen - 1] != ',' )
|
||||
if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) )
|
||||
continue;
|
||||
|
||||
rdn = dn_rdn( NULL, op->o_ndn );
|
||||
@ -571,13 +571,13 @@ acl_mask(
|
||||
continue;
|
||||
|
||||
} else if ( b->a_dn_style == ACL_STYLE_SUBTREE ) {
|
||||
if ( odnlen > patlen && op->o_ndn[odnlen - patlen - 1] != ',' )
|
||||
if ( odnlen > patlen && ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) ) )
|
||||
continue;
|
||||
|
||||
} else if ( b->a_dn_style == ACL_STYLE_CHILDREN ) {
|
||||
if ( odnlen <= patlen )
|
||||
continue;
|
||||
if ( op->o_ndn[odnlen - patlen - 1] != ',' )
|
||||
if ( !DN_SEPARATOR( op->o_ndn[odnlen - patlen - 1] ) || DN_ESCAPE( op->o_ndn[odnlen - patlen - 2] ) )
|
||||
continue;
|
||||
}
|
||||
|
||||
|
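Review bot: The added look-behind `DN_ESCAPE( e->e_ndn[dnlen - patlen - 2] )` reads index -1 when `dnlen == patlen + 1`, because the guards above it only establish `dnlen > patlen`. That read is reached only when the first byte of the DN is itself a separator, which a normalized DN presumably never is, but nothing in these hunks enforces it. The same pattern is in all three branches of both acl_get and acl_mask (`op->o_ndn[odnlen - patlen - 2]`) and in select_backend (`dn[(dnlen-len)-2]`). Bounding the look-behind keeps it inside the buffer, e.g. `( dnlen - patlen > 1 && DN_ESCAPE( e->e_ndn[dnlen - patlen - 2] ) )`. Both functions begin and end outside the hunks shown.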
@ -525,7 +525,7 @@ select_backend(
|
||||
}
|
||||
|
||||
|
||||
if ( len && len < dnlen && !DN_SEPARATOR( dn[(dnlen-len)-1] ) ) {
|
||||
if ( len && len < dnlen && ( !DN_SEPARATOR( dn[(dnlen-len)-1] ) || DN_ESCAPE( dn[(dnlen-len)-2] ) ) ) {
|
||||
/* make sure we have a separator */
|
||||
continue;
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ get_limits(
|
||||
}
|
||||
} else {
|
||||
/* check for unescaped rdn separator */
|
||||
if ( !DN_SEPARATOR( ndn[d-1] ) || SLAP_ESCAPE_CHAR == ndn[d-2] ) {
|
||||
if ( !DN_SEPARATOR( ndn[d-1] ) || DN_ESCAPE( ndn[d-2] ) ) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -85,6 +85,7 @@ LDAP_BEGIN_DECL
|
||||
#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
|
||||
|| (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
|
||||
|
||||
#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
|
||||
#define DN_SEPARATOR(c) ((c) == ',' || (c) == ';')
|
||||
#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
|
||||
#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
|
||||
|
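Review bot: `DN_ESCAPE` only reports whether one character is the escape character, so the callers in this commit, which test the single byte before a separator, cannot tell an escaped separator (`\,`) from an escaped backslash followed by a real separator (`\\,`). In the second case a genuine RDN boundary is treated as escaped and the ACL clause, suffix or limit is skipped, which for access control means a rule silently does not apply. If normalized DNs can contain a literal `\\` (not visible on this page), the callers should count the run of preceding escape characters and treat the separator as escaped only when that count is odd. At minimum the macro should carry a comment such as `/* true if c is the escape char; does not tell whether c is itself escaped */`.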