From 6ae9bf167de480ea39da4014c0c5e67e4c404102 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 1 Dec 2020 21:29:19 +0000 Subject: [PATCH] ITS#9014 fix component match parsing errors --- servers/slapd/component.c | 16 +++++++++------- servers/slapd/schema_init.c | 3 +++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/servers/slapd/component.c b/servers/slapd/component.c index 0995f1b6e4..f00085c8ed 100644 --- a/servers/slapd/component.c +++ b/servers/slapd/component.c @@ -347,7 +347,7 @@ get_comp_filter( Operation* op, struct berval* bv, return rc; } rc = parse_comp_filter( op, &cav, filt, text ); - bv->bv_val = cav.cav_ptr; + /* bv->bv_val = cav.cav_ptr; */ return rc; } @@ -1067,7 +1067,7 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, */ ber_tag_t tag; - int err; + int err = LDAP_SUCCESS; ComponentFilter f; /* TAG : item, and, or, not in RFC 4515 */ tag = strip_cav_tag( cav ); @@ -1077,10 +1077,11 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, return LDAP_PROTOCOL_ERROR; } - if ( tag != LDAP_COMP_FILTER_NOT ) - strip_cav_str( cav, "{"); - - err = LDAP_SUCCESS; + if ( tag != LDAP_COMP_FILTER_NOT ) { + err = strip_cav_str( cav, "{"); + if ( err ) + goto invalid; + } f.cf_next = NULL; f.cf_choice = tag; @@ -1154,13 +1155,14 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, break; } +invalid: if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) { *text = "Component Filter Syntax Error"; return err; } if ( tag != LDAP_COMP_FILTER_NOT ) - strip_cav_str( cav, "}"); + err = strip_cav_str( cav, "}"); if ( err == LDAP_SUCCESS ) { if ( op ) { diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index da477ad3da..d7856f6de8 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -327,6 +327,9 @@ certificateValidate( Syntax *syntax, struct berval *in ) ber_len_t len; ber_int_t version = SLAP_X509_V1; + if ( BER_BVISNULL( in ) || BER_BVISEMPTY( in )) + return LDAP_INVALID_SYNTAX; + ber_init2( ber, in, LBER_USE_DER ); tag = ber_skip_tag( ber, &len ); /* Signed wrapper */ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;