From 62813f55aff803d401a04a55e9a0b88fd910234e Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 1 Sep 2015 01:09:46 +0100 Subject: [PATCH] ITS#8233 reject lines with unbalanced quotes --- servers/slapd/config.c | 18 ++++++++++++------ servers/slapd/schema/ppolicy.schema | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 2b8e429df1..8345dcfd30 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -94,7 +94,7 @@ int slapi_plugins_used = 0; static int fp_getline(FILE *fp, ConfigArgs *c); static void fp_getline_init(ConfigArgs *c); -static char *strtok_quote(char *line, char *sep, char **quote_ptr); +static char *strtok_quote(char *line, char *sep, char **quote_ptr, int *inquote); static char *strtok_quote_ldif(char **line); ConfigArgs * @@ -2133,7 +2133,7 @@ done:; static char * -strtok_quote( char *line, char *sep, char **quote_ptr ) +strtok_quote( char *line, char *sep, char **quote_ptr, int *iqp ) { int inquote; char *tmp; @@ -2183,6 +2183,7 @@ strtok_quote( char *line, char *sep, char **quote_ptr ) break; } } + *iqp = inquote; return( tmp ); } @@ -2270,22 +2271,23 @@ config_fp_parse_line(ConfigArgs *c) }; char *quote_ptr; int i = (int)(sizeof(hide)/sizeof(hide[0])) - 1; + int inquote = 0; c->tline = ch_strdup(c->line); - token = strtok_quote(c->tline, " \t", "e_ptr); + token = strtok_quote(c->tline, " \t", "e_ptr, &inquote); if(token) for(i = 0; hide[i]; i++) if(!strcasecmp(token, hide[i])) break; if(quote_ptr) *quote_ptr = ' '; - Debug(LDAP_DEBUG_CONFIG, "line %d (%s%s)\n", c->lineno, + Debug(LDAP_DEBUG_CONFIG, "%s (%s%s)\n", c->log, hide[i] ? hide[i] : c->line, hide[i] ? " ***" : ""); if(quote_ptr) *quote_ptr = '\0'; - for(;; token = strtok_quote(NULL, " \t", "e_ptr)) { + for(;; token = strtok_quote(NULL, " \t", "e_ptr, &inquote)) { if(c->argc >= c->argv_size) { char **tmp; tmp = ch_realloc(c->argv, (c->argv_size + ARGS_STEP) * sizeof(*c->argv)); if(!tmp) { - Debug(LDAP_DEBUG_ANY, "line %d: out of memory\n", c->lineno, 0, 0); + Debug(LDAP_DEBUG_ANY, "%s: out of memory\n", c->log, 0, 0); return -1; } c->argv = tmp; @@ -2295,6 +2297,10 @@ config_fp_parse_line(ConfigArgs *c) break; c->argv[c->argc++] = token; } + if (inquote) { + Debug(LDAP_DEBUG_ANY, "%s: unterminated quoted string \"%s\"\n", c->log, c->argv[c->argc-1], 0); + return -1; + } c->argv[c->argc] = NULL; return(0); } diff --git a/servers/slapd/schema/ppolicy.schema b/servers/slapd/schema/ppolicy.schema index a9c7f11d37..5cfe81b8bf 100644 --- a/servers/slapd/schema/ppolicy.schema +++ b/servers/slapd/schema/ppolicy.schema @@ -356,7 +356,7 @@ attributetype ( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - DESC 'Loadable module that instantiates "check_password() function' + DESC 'Loadable module that instantiates check_password() function' SINGLE-VALUE ) objectclass ( 1.3.6.1.4.1.4754.2.99.1