mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-18 11:05:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Import -llber hardening

Browse Source
This commit is contained in:
Kurt Zeilenga 2001-05-06 21:53:57 +00:00
parent a2f1c95d40
commit b8a60b33ee
4 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libraries/liblber/decode.c
View File

@ -137,6 +137,11 @@ ber_skip_tag( BerElement *ber, ber_len_t *len )
*len = lc; *len = lc;
} }
/* BER element should have enough data left */
if( *len > ber_pvt_ber_remaining( ber ) ) {
return LBER_DEFAULT;
}
return tag; return tag;
} }
@ -252,7 +257,9 @@ ber_get_stringb(
if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) { if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) {
return LBER_DEFAULT; return LBER_DEFAULT;
} }
if ( datalen > (*len - 1) ) {
/* must fit within allocated space with termination */
if ( datalen >= *len ) {
return LBER_DEFAULT; return LBER_DEFAULT;
} }

14
libraries/liblber/io.c
View File

@ -77,7 +77,7 @@ ber_read(
assert( BER_VALID( ber ) ); assert( BER_VALID( ber ) );
nleft = ber->ber_end - ber->ber_ptr; nleft = ber_pvt_ber_remaining( ber );
actuallen = nleft < len ? nleft : len; actuallen = nleft < len ? nleft : len;
AC_MEMCPY( buf, ber->ber_ptr, actuallen ); AC_MEMCPY( buf, ber->ber_ptr, actuallen );
@ -524,15 +524,25 @@ get_lenbyte:
ber->ber_rwptr += res; ber->ber_rwptr += res;
/* convert length. */ /* convert length. */
ber->ber_len = 0;
for( to_go = 0; to_go < res ; to_go++ ) { for( to_go = 0; to_go < res ; to_go++ ) {
ber->ber_len <<= 8; ber->ber_len <<= 8;
ber->ber_len |= netlen[to_go]; ber->ber_len |= netlen[to_go];
} }
if (PTR_IN_VAR(ber->ber_rwptr, ber->ber_len))
return LBER_DEFAULT;
} }
fill_buffer: fill_buffer:
/* now fill the buffer. */ /* now fill the buffer. */
/* make sure length is reasonable */
if ( ber->ber_len == 0 ||
( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ))
{
errno = ERANGE;
return LBER_DEFAULT;
}
if (ber->ber_buf==NULL) { if (ber->ber_buf==NULL) {
ber->ber_buf = (char *) LBER_MALLOC( ber->ber_len ); ber->ber_buf = (char *) LBER_MALLOC( ber->ber_len );
if (ber->ber_buf==NULL) { if (ber->ber_buf==NULL) {

1
libraries/liblber/lber-int.h
View File

@ -74,6 +74,7 @@ struct sockbuf {
ber_socket_t sb_fd; ber_socket_t sb_fd;
unsigned int sb_trans_needs_read:1; unsigned int sb_trans_needs_read:1;
unsigned int sb_trans_needs_write:1; unsigned int sb_trans_needs_write:1;
ber_len_t sb_max_incoming;
}; };
#define SOCKBUF_VALID( sb ) ( (sb)->sb_valid == LBER_VALID_SOCKBUF ) #define SOCKBUF_VALID( sb ) ( (sb)->sb_valid == LBER_VALID_SOCKBUF )

17
libraries/liblber/sockbuf.c
View File

@ -21,6 +21,10 @@
#include <io.h> #include <io.h>
#endif /* HAVE_IO_H */ #endif /* HAVE_IO_H */
#if defined( HAVE_FCNTL_H )
#include <fcntl.h>
#endif
#if defined( HAVE_SYS_FILIO_H ) #if defined( HAVE_SYS_FILIO_H )
#include <sys/filio.h> #include <sys/filio.h>
#elif defined( HAVE_SYS_IOCTL_H ) #elif defined( HAVE_SYS_IOCTL_H )
@ -69,6 +73,7 @@ ber_sockbuf_ctrl( Sockbuf *sb, int opt, void *arg )
int ret = 0; int ret = 0;
assert( sb != NULL ); assert( sb != NULL );
assert( SOCKBUF_VALID( sb ) );
switch ( opt ) { switch ( opt ) {
case LBER_SB_OPT_HAS_IO: case LBER_SB_OPT_HAS_IO:
@ -120,6 +125,18 @@ ber_sockbuf_ctrl( Sockbuf *sb, int opt, void *arg )
ret = ( sb->sb_trans_needs_write ? 1 : 0 ); ret = ( sb->sb_trans_needs_write ? 1 : 0 );
break; break;
case LBER_SB_OPT_GET_MAX_INCOMING:
if ( arg != NULL ) {
*((ber_len_t *)arg) = sb->sb_max_incoming;
}
ret = 1;
break;
case LBER_SB_OPT_SET_MAX_INCOMING:
sb->sb_max_incoming = *((ber_len_t *)arg);
ret = 1;
break;
default: default:
ret = sb->sb_iod->sbiod_io->sbi_ctrl( sb->sb_iod, ret = sb->sb_iod->sbiod_io->sbi_ctrl( sb->sb_iod,
opt, arg ); opt, arg );