More ITS#6215: Catch malformed elements in ber_get_stringbvl().

Do not use ber_<first/next>_element(), which have no error return.
Hallvard Furuseth 2009-08-07 19:26:11 +00:00
parent bc20500e62
commit 3802aa5483


@ -366,20 +366,29 @@ ber_get_stringbvl( BerElement *ber, bgbvr *b )
char *bo; /* BvOff */ char *bo; /* BvOff */
} res; } res;
/* For rewinding, just like ber_peek_tag() */ tag = ber_skip_tag( ber, &bv.bv_len );
orig = ber->ber_ptr;
tag = ber->ber_tag; if ( tag != LBER_DEFAULT ) {
tag = 0;
orig = ber->ber_ptr;
last = orig + bv.bv_len;
if ( ber_first_element( ber, &bv.bv_len, &last ) != LBER_DEFAULT ) {
for ( ; ber->ber_ptr < last; i++, tot_size += siz ) { for ( ; ber->ber_ptr < last; i++, tot_size += siz ) {
if ( ber_skip_element( ber, &bv ) == LBER_DEFAULT ) if ( ber_skip_element( ber, &bv ) == LBER_DEFAULT )
break; break;
} }
if ( ber->ber_ptr != last ) {
i = 0;
tag = LBER_DEFAULT;
}
ber->ber_ptr = orig;
ber->ber_tag = *(unsigned char *) orig;
} }
b->siz = i; b->siz = i;
if ( i == 0 ) { if ( i == 0 ) {
return 0; return tag;
} }
/* Allocate and NULL-terminate the result vector */ /* Allocate and NULL-terminate the result vector */
@ -406,14 +415,11 @@ ber_get_stringbvl( BerElement *ber, bgbvr *b )
tot_size = 0; tot_size = 0;
break; break;
} }
ber->ber_ptr = orig;
ber->ber_tag = tag;
ber_skip_tag( ber, &bv.bv_len );
n = 0; n = 0;
do { do {
tag = ber_next_element( ber, &bv.bv_len, last ); tag = ber_get_stringbv( ber, &bv, b->alloc );
if ( ber_get_stringbv( ber, &bv, b->alloc ) == LBER_DEFAULT ) { if ( tag == LBER_DEFAULT ) {
goto nomem; goto nomem;
} }
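Review bot: In the first hunk, `ber->ber_tag = *(unsigned char *) orig;` runs whenever the tag was skipped successfully, including for an empty sequence where `orig == last`, so it reads the byte just past the sequence; if that sequence is the last thing in the buffer, this is the byte at the buffer's end. The page does not show whether the buffer always has a readable byte there; if that is the invariant, state it next to the line, e.g. `/* orig may equal last; relies on a readable byte following the data */`. The same block also makes `i == 0` cover two outcomes, an empty sequence (returns 0) and a malformed element (returns LBER_DEFAULT), which deserves a comment at `return tag;` such as `/* 0: empty sequence, LBER_DEFAULT: malformed element */`. The body of ber_get_stringbvl() starts and ends outside the hunks shown.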