(almost blind) fix potential strchr() read-past-end of berval

Pierangelo Masarati 2006-05-26 00:07:55 +00:00
parent 5f58c733cc
commit 1efd2ef101


@ -86,6 +86,7 @@ dn2path(struct berval * dn, struct berval * suffixdn, struct berval * base_path,
struct berval *res)
{
char *ptr, *sep, *end;
struct berval bv;
assert( dn != NULL );
assert( !BER_BVISNULL( dn ) );
@ -107,14 +108,19 @@ dn2path(struct berval * dn, struct berval * suffixdn, struct berval * base_path,
}
strcpy(ptr, LDIF);
#if IX_FSL != IX_DNL
ptr = res->bv_val;
while( ptr=strchr(ptr, IX_DNL) ) {
bv = *res;
while ( ptr = ber_bvchr( &bv, IX_DNL ) ) {
*ptr++ = IX_FSL;
ptr = strchr(ptr, IX_DNR);
if ( ptr )
*ptr++ = IX_FSR;
else
assert( ( ptr - bv.bv_val ) <= bv.bv_len );
bv.bv_len -= ( ptr - bv.bv_val );
bv.bv_val = ptr;
ptr = ber_bvchr( &bv, IX_DNR );
if ( !ptr )
break;
*ptr++ = IX_FSR;
assert( ( ptr - bv.bv_val ) <= bv.bv_len );
bv.bv_len -= ( ptr - bv.bv_val );
bv.bv_val = ptr;
}
#endif
}
@ -412,11 +418,13 @@ static int r_enum_tree(enumCookie *ck, struct berval *path,
bvl = ch_malloc( sizeof(bvlist) );
ber_dupbv( &bvl->bv, &fname );
BER_BVZERO( &bvl->num );
itmp.bv_val = strchr( bvl->bv.bv_val, IX_FSL );
itmp.bv_val = ber_bvchr( &bvl->bv, IX_FSL );
if ( itmp.bv_val ) {
char *ptr;
itmp.bv_val++;
ptr = strchr( itmp.bv_val, IX_FSR );
itmp.bv_len = bvl->bv.bv_len
- ( itmp.bv_val - bvl->bv.bv_val );
ptr = ber_bvchr( &itmp, IX_FSR );
if ( ptr ) {
itmp.bv_len = ptr - itmp.bv_val;
ber_dupbv( &bvl->num, &itmp );
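Review bot: In the dn2path loop the bounded scan starts from `bv = *res;`, so it is only as safe as `res->bv_len`, and nothing visible in this hunk shows that the field already equals the length of the string completed by `strcpy(ptr, LDIF)`; the function body begins outside the hunk, so this may be set earlier. If that length is too large the length-bounded `ber_bvchr()` search can still run past the allocation, and if it is too small trailing `IX_DNL`/`IX_DNR` characters are left untranslated in the file path. The two `assert()` calls only restate what `ber_bvchr()` already guarantees and are compiled out under NDEBUG, so they do not check this precondition. I would document it at the copy, e.g. `/* res->bv_len must already cover the whole string, including the LDIF suffix */`, or derive it locally with `bv.bv_len = ( ptr + strlen( ptr ) ) - res->bv_val;` right after the `strcpy`. As a style point, `while ( ( ptr = ber_bvchr( &bv, IX_DNL ) ) != NULL )` makes the assignment in the condition explicit and avoids the compiler's parentheses warning.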