mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-24 13:24:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#9425 add more checks to ldap_X509dn2bv

Browse Source
This commit is contained in:
Howard Chu 2020-12-14 20:05:44 +00:00
parent 777098aa9d
commit d2936fb1d5
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libraries/libldap/tls2.c
View File

@ -1499,6 +1499,8 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) {
if ( rdn_end > dn_end )
return LDAP_DECODING_ERROR;
tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len );
navas++;
@ -1508,7 +1510,7 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
/* Rewind and prepare to extract */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
if ( tag == LBER_DEFAULT )
if ( tag != LBER_SET )
return LDAP_DECODING_ERROR;
/* Allocate the DN/RDN/AVA stuff as a single block */
@ -1621,6 +1623,10 @@ allocd:
/* X.690 bitString value converted to RFC4517 Bit String */
rc = der_to_ldap_BitString( &Val, &newAVA->la_value );
goto allocd;
case LBER_DEFAULT:
/* decode error */
rc = LDAP_DECODING_ERROR;
goto nomem;
default:
/* Not a string type at all */
newAVA->la_flags = 0;