From 34773a351dd5d97080b262d99571789fff370314 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 7 May 2001 00:43:39 +0000 Subject: [PATCH] lber hardening --- CHANGES | 3 +- libraries/liblber/decode.c | 9 ++++- libraries/liblber/io.c | 2 ++ tests/scripts/start-master | 67 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 2 deletions(-) create mode 100755 tests/scripts/start-master diff --git a/CHANGES b/CHANGES index 038959411d..532d7d6db9 100644 --- a/CHANGES +++ b/CHANGES @@ -7,9 +7,10 @@ Changes included in OpenLDAP 1.2.12 Engineering Fixed ldapsearch uninitialized fp bug Fixed Pth initialization bug Fixed libldap/add mod_bvalues typo - Fixed ldappasswd crypt(3) crash (ITD#598) + Fixed ldappasswd crypt(3) crash (ITS#598) Fixed slapd/config.c MAXARGS boundary condition bug Fixed cn=monitor/config rdwr lock leak + Fixed liblber exception handling bugs Build Environment Remove extra Digital UNIX symbol (ITS#590) Ignore make clean rm failure diff --git a/libraries/liblber/decode.c b/libraries/liblber/decode.c index 90d5f33354..56d8613bc7 100644 --- a/libraries/liblber/decode.c +++ b/libraries/liblber/decode.c @@ -114,6 +114,12 @@ ber_skip_tag( BerElement *ber, unsigned long *len ) *len = lc; } + + /* BER element should have enough data left */ + if( *len > ber->ber_end - ber->ber_ptr ) { + return LBER_DEFAULT; + } + return( tag ); } @@ -190,7 +196,8 @@ ber_get_stringb( BerElement *ber, char *buf, unsigned long *len ) if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) return( LBER_DEFAULT ); - if ( datalen > (*len - 1) ) + + if ( datalen >= *len ) return( LBER_DEFAULT ); if ( (unsigned long) ber_read( ber, buf, datalen ) != datalen ) diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c index a60983bef9..d769dcdf8f 100644 --- a/libraries/liblber/io.c +++ b/libraries/liblber/io.c 
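Review bot: In the check added to ber_skip_tag, `ber->ber_end - ber->ber_ptr` is a signed pointer difference (assuming both fields are pointers, as the subtraction suggests) that is implicitly converted for the comparison with the unsigned `*len`. If `ber_ptr` were ever past `ber_end`, the negative difference would become a huge unsigned value and the bound would reject nothing. Making the conversion explicit and rejecting that state closes the gap: `if( ber->ber_ptr > ber->ber_end || *len > (unsigned long)(ber->ber_end - ber->ber_ptr) ) {`. The new `return LBER_DEFAULT;` also departs from the `return( tag );` / `return( LBER_DEFAULT );` form used around it. The function starts before the hunk, so how `lc` is decoded is not visible here.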
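Review bot: The rewritten bound `datalen >= *len` in ber_get_stringb deserves a comment, because it reads as equivalent to the old `datalen > (*len - 1)` but is not: with `*len == 0` the old expression wrapped to the largest unsigned long and accepted any length. A comment above the test would keep a later cleanup from reverting it, e.g. `/* buf must hold datalen bytes plus one more; *len == 0 must fail, not wrap */`. The extra byte is presumably for a terminator written after the read, but that part of the function lies outside the hunk and should be confirmed.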
@@ -541,12 +541,14 @@ ber_get_next( Sockbuf *sb, unsigned long *len, BerElement *ber ) #if defined( DOS ) && !defined( _WIN32 ) if ( *len > 65535 ) { /* DOS can't allocate > 64K */ + errno = ERANGE; return( LBER_DEFAULT ); } #endif /* DOS && !_WIN32 */ if ( ( sb->sb_options & LBER_MAX_INCOMING_SIZE ) && *len > (unsigned long) sb->sb_max_incoming ) { + errno = ERANGE; return( LBER_DEFAULT ); } diff --git a/tests/scripts/start-master b/tests/scripts/start-master new file mode 100755 index 0000000000..4d365bc6f4 --- /dev/null +++ b/tests/scripts/start-master @@ -0,0 +1,67 @@ +#! /bin/sh + +if test $# -eq 0 ; then + SRCDIR="." +else + SRCDIR=$1; shift +fi +if test $# -eq 1 ; then + BACKEND=$1; shift +fi + +echo "running defines.sh $SRCDIR $BACKEND" + +. $SRCDIR/scripts/defines.sh + +echo "Datadir is $DATADIR" + +echo "Cleaning up in $DBDIR..." + +rm -f $DBDIR/[!C]* + +echo "Running ldif2ldbm to build slapd database..." +$LDIF2LDBM -f $CONF -i $LDIF -e ../servers/slapd/tools +RC=$? +if test $RC != 0 ; then + echo "ldif2ldbm failed!" + exit $RC +fi + +echo "Starting slapd on TCP/IP port $PORT..." +$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 & +PID=$! + +echo "Using ldapsearch to retrieve all the entries..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -L -S "" -b "$BASEDN" -h localhost -p $PORT \ + 'objectClass=*' > $SEARCHOUT 2>&1 + RC=$? + if test $RC = 1 ; then + echo "Waiting 5 seconds for slapd to start..." + sleep 5 + fi +done + +# kill -HUP $PID + +if test $RC != 0 ; then + echo "ldapsearch failed!" + exit $RC +fi + +echo "Filtering ldapsearch results..." +. $SRCDIR/scripts/acfilter.sh < $SEARCHOUT > $SEARCHFLT +echo "Filtering original ldif used to create database..." +. $SRCDIR/scripts/acfilter.sh < $LDIF > $LDIFFLT +echo "Comparing filter output..." +cmp $SEARCHFLT $LDIFFLT + +if test $? != 0 ; then + echo "comparison failed - database was not created correctly" + exit 1 +fi + +echo ">>>>> Master (pid=$PID) started" + + +exit 0
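Review bot: The two `errno = ERANGE;` assignments in ber_get_next are undocumented, so a caller cannot tell that ERANGE now means the announced element length exceeded the DOS or `sb_max_incoming` limit rather than an I/O failure. A short comment at each site would help, e.g. `/* length over limit: set ERANGE so a stale errno is not mistaken for a retryable I/O error */`; the retry concern is inferred, since no caller is shown. The hunk does not show the includes and the diffstat lists only these two added lines for io.c, so confirm `<errno.h>` is already pulled in. The function begins before and continues after the hunk.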
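Review bot: `rm -f $DBDIR/[!C]*` expands to `rm -f /[!C]*` when `DBDIR` is empty or unset, for instance if sourcing `defines.sh` did not define it, and the script never checks that the source step succeeded. Guarding the expansion makes the script stop instead: `rm -f "${DBDIR:?DBDIR is not set}"/[!C]*`. Separately, the ldapsearch retry loop has no `break`, so it runs all six searches even after one succeeds and only the last `RC` is tested. The failure exits also leave the backgrounded slapd (`$PID`) running, since the only `kill` is commented out.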