mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-03-07 14:18:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#9404 fix serialNumberAndIssuerCheck

Browse Source 
Tighten validity checks
This commit is contained in:
Howard Chu 2020-11-23 17:14:00 +00:00
parent 1ea12260d5
commit dbe69684a1
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
servers/slapd/schema_init.c
View File

@ -3268,7 +3268,7 @@ serialNumberAndIssuerCheck(
if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) {
/* Parse old format */
is->bv_val = ber_bvchr( in, '$' );
if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX;
@ -3299,7 +3299,7 @@ serialNumberAndIssuerCheck(
HAVE_ALL = ( HAVE_ISSUER | HAVE_SN )
} have = HAVE_NONE;
int numdquotes = 0;
int numdquotes = 0, gotquote;
struct berval x = *in;
struct berval ni;
x.bv_val++;
@ -3341,11 +3341,12 @@ serialNumberAndIssuerCheck(
is->bv_val = x.bv_val;
is->bv_len = 0;
for ( ; is->bv_len < x.bv_len; ) {
for ( gotquote=0; is->bv_len < x.bv_len; ) {
if ( is->bv_val[is->bv_len] != '"' ) {
is->bv_len++;
continue;
}
gotquote = 1;
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
numdquotes++;
@ -3354,6 +3355,8 @@ serialNumberAndIssuerCheck(
}
break;
}
if ( !gotquote ) return LDAP_INVALID_SYNTAX;
x.bv_val += is->bv_len + 1;
x.bv_len -= is->bv_len + 1;