1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Don't walk past the end of ldb values.

This is a partial fix towards bugs due to us walking past the end of
what we think are strings in ldb.  There is much more work to do in
this area.

Andrew Bartlett
(This used to be commit 5805a9a8f3)
This commit is contained in:
Andrew Bartlett 2008-08-21 19:24:58 +10:00
parent 38f7405298
commit 4ad97a1d05
11 changed files with 54 additions and 24 deletions

View File

@ -160,7 +160,7 @@ static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
new_msg->dn = ldb_dn_new(new_msg, ldb, (char *)el->values[j].data);
new_msg->dn = ldb_dn_from_ldb_val(new_msg, ldb, &el->values[j]);
if (!new_msg->dn) {
ldb_asprintf_errstring(ldb,
"attribute %s value %s was not a valid DN", msg->elements[i].name,
@ -330,7 +330,7 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb
/* Add all the existing elements, marking as 'proposed for delete' by setting .add = false */
for (i=0; i < search_el->num_values; i++) {
merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1);
merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)search_el->values[i].data);
merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &search_el->values[i]);
merged_list[size].add = false;
merged_list[size].ignore = false;
size++;
@ -339,7 +339,7 @@ static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb
/* Add all the new replacement elements, marking as 'proposed for add' by setting .add = true */
for (i=0; i < ac2->el->num_values; i++) {
merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1);
merged_list[size].dn = ldb_dn_new(merged_list, ldb, (char *)ac2->el->values[i].data);
merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &ac2->el->values[i]);
merged_list[size].add = true;
merged_list[size].ignore = false;
size++;
@ -610,7 +610,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
}
new_msg->dn = ldb_dn_new(new_msg, module->ldb, (char *)el->values[j].data);
new_msg->dn = ldb_dn_from_ldb_val(new_msg, module->ldb, &el->values[j]);
if (!new_msg->dn) {
ldb_asprintf_errstring(module->ldb,
"attribute %s value %s was not a valid DN", req->op.mod.message->elements[i].name,

View File

@ -112,7 +112,7 @@ static int normalise_search_callback(struct ldb_context *ldb, void *context, str
}
for (j = 0; j < ares->message->elements[i].num_values; j++) {
const char *dn_str;
struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb, (const char *)ares->message->elements[i].values[j].data);
struct ldb_dn *dn = ldb_dn_from_ldb_val(mem_ctx, ldb, &ares->message->elements[i].values[j]);
if (!dn) {
talloc_free(mem_ctx);
return LDB_ERR_OPERATIONS_ERROR;

View File

@ -925,7 +925,7 @@ static int partition_init(struct ldb_module *module)
}
for (i=0; i < replicate_attributes->num_values; i++) {
data->replicate[i] = ldb_dn_new(data->replicate, module->ldb, (const char *)replicate_attributes->values[i].data);
data->replicate[i] = ldb_dn_from_ldb_val(data->replicate, module->ldb, &replicate_attributes->values[i]);
if (!ldb_dn_validate(data->replicate[i])) {
ldb_asprintf_errstring(module->ldb,
"partition_init: "

View File

@ -248,7 +248,7 @@ static int schema_validate_dn(struct ldb_context *ldb, struct ldb_val *val, int
struct ldb_dn *dn;
int ret = LDB_SUCCESS;
dn = ldb_dn_new(ldb, ldb, (const char *)val->data);
dn = ldb_dn_from_ldb_val(ldb, ldb, val);
if ( ! ldb_dn_validate(dn)) {
ret = LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
}

View File

@ -154,7 +154,7 @@ static struct ldb_val objectCategory_always_dn(struct ldb_module *module, TALLOC
struct ldb_val out = data_blob(NULL, 0);
const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, "objectCategory");
dn = ldb_dn_new(ctx, module->ldb, val->data);
dn = ldb_dn_from_ldb_val(ctx, module->ldb, val);
if (dn && ldb_dn_validate(dn)) {
talloc_free(dn);
return val_copy(module, ctx, val);

View File

@ -38,7 +38,7 @@ static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
{
enum ndr_err_code ndr_err;
struct dom_sid *sid;
sid = dom_sid_parse_talloc(mem_ctx, (const char *)in->data);
sid = dom_sid_parse_length(mem_ctx, in);
if (sid == NULL) {
return -1;
}
@ -70,12 +70,11 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
talloc_free(sid);
return -1;
}
out->data = (uint8_t *)dom_sid_string(mem_ctx, sid);
*out = data_blob_string_const(dom_sid_string(mem_ctx, sid));
talloc_free(sid);
if (out->data == NULL) {
return -1;
}
out->length = strlen((const char *)out->data);
return 0;
}
@ -146,10 +145,16 @@ static int ldif_read_objectGUID(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
struct GUID guid;
char *guid_string;
NTSTATUS status;
enum ndr_err_code ndr_err;
guid_string = talloc_strndup(mem_ctx, in->data, in->length);
if (!guid_string) {
return -1;
}
status = GUID_from_string((const char *)in->data, &guid);
status = GUID_from_string(guid_string, &guid);
talloc_free(guid_string);
if (!NT_STATUS_IS_OK(status)) {
return -1;
}
@ -324,7 +329,7 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c
}
return LDB_SUCCESS;
}
dn1 = ldb_dn_new(tmp_ctx, ldb, (char *)in->data);
dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, in);
if ( ! ldb_dn_validate(dn1)) {
const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
class = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);

View File

@ -71,7 +71,7 @@ struct ldb_dn {
};
/* strdn may be NULL */
struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *strdn)
struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn)
{
struct ldb_dn *dn;
@ -82,27 +82,27 @@ struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *st
dn->ldb = ldb;
if (strdn) {
if (strdn[0] == '@') {
if (strdn->data && strdn->length) {
if (strdn->data[0] == '@') {
dn->special = true;
}
if (strncasecmp(strdn, "<GUID=", 6) == 0) {
if (strdn->length >= 6 && strncasecmp((const char *)strdn->data, "<GUID=", 6) == 0) {
/* this is special DN returned when the
* exploded_dn control is used */
dn->special = true;
/* FIXME: add a GUID string to ldb_dn structure */
} else if (strncasecmp(strdn, "<SID=", 8) == 0) {
} else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "<SID=", 8) == 0) {
/* this is special DN returned when the
* exploded_dn control is used */
dn->special = true;
/* FIXME: add a SID string to ldb_dn structure */
} else if (strncasecmp(strdn, "<WKGUID=", 8) == 0) {
} else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "<WKGUID=", 8) == 0) {
/* this is special DN returned when the
* exploded_dn control is used */
dn->special = true;
/* FIXME: add a WKGUID string to ldb_dn structure */
}
dn->linearized = talloc_strdup(dn, strdn);
dn->linearized = talloc_strndup(dn, (const char *)strdn->data, strdn->length);
} else {
dn->linearized = talloc_strdup(dn, "");
}
@ -115,6 +115,15 @@ failed:
return NULL;
}
/* strdn may be NULL */
struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *strdn)
{
struct ldb_val blob;
blob.data = strdn;
blob.length = strdn ? strlen(strdn) : 0;
return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
}
struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...)
{
struct ldb_dn *dn;

View File

@ -389,10 +389,10 @@ int ldb_msg_find_attr_as_bool(const struct ldb_message *msg,
if (!v || !v->data) {
return default_value;
}
if (strcasecmp((const char *)v->data, "FALSE") == 0) {
if (v->length == 5 && strncasecmp((const char *)v->data, "FALSE", 5) == 0) {
return 0;
}
if (strcasecmp((const char *)v->data, "TRUE") == 0) {
if (v->length == 4 && strncasecmp((const char *)v->data, "TRUE", 4) == 0) {
return 1;
}
return default_value;
@ -421,7 +421,7 @@ struct ldb_dn *ldb_msg_find_attr_as_dn(struct ldb_context *ldb,
if (!v || !v->data) {
return NULL;
}
res_dn = ldb_dn_new(mem_ctx, ldb, (const char *)v->data);
res_dn = ldb_dn_from_ldb_val(mem_ctx, ldb, v);
if ( ! ldb_dn_validate(res_dn)) {
talloc_free(res_dn);
return NULL;

View File

@ -1381,6 +1381,7 @@ int ldb_base64_decode(char *s);
struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *dn);
struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...) PRINTF_ATTRIBUTE(3,4);
struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn);
bool ldb_dn_validate(struct ldb_dn *dn);
char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value);

View File

@ -176,7 +176,7 @@ _PUBLIC_ DATA_BLOB data_blob_string_const(const char *str)
{
DATA_BLOB blob;
blob.data = discard_const_p(uint8_t, str);
blob.length = strlen(str);
blob.length = str ? strlen(str) : 0;
return blob;
}

View File

@ -151,6 +151,21 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
return ret;
}
/*
convert a string to a dom_sid, returning a talloc'd dom_sid
*/
struct dom_sid *dom_sid_parse_length(TALLOC_CTX *mem_ctx, const DATA_BLOB *sid)
{
struct dom_sid *ret;
char *p = talloc_strndup(mem_ctx, sid->data, sid->length);
if (!p) {
return NULL;
}
ret = dom_sid_parse_talloc(mem_ctx, p);
talloc_free(p);
return ret;
}
/*
copy a dom_sid structure
*/