sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00
Code

Use ldb_dn_from_ldb_val to avoid possible over-run of the value.

Browse Source 
The ldb_val is length-limited, and while normally NULL terminated,
this avoids the chance that this particular value might not be, as
well as avoiding a cast.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2008-10-27 13:32:23 +11:00
parent adf016e119
commit 9381a78c39
7 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
source4/dsdb/samdb/ldb_modules/linked_attributes.c
View File

@ -79,13 +79,13 @@ static struct la_context *linked_attributes_init(struct ldb_module *module,
/* Common routine to handle reading the attributes and creating a /* Common routine to handle reading the attributes and creating a
* series of modify requests */ * series of modify requests */
static int la_store_op(struct la_context *ac, static int la_store_op(struct la_context *ac,
enum la_op op, char *dn, enum la_op op, struct ldb_val *dn,
const char *name, const char *value) const char *name, const char *value)
{ {
struct la_op_store *os, *tmp; struct la_op_store *os, *tmp;
struct ldb_dn *op_dn; struct ldb_dn *op_dn;
op_dn = ldb_dn_new(ac, ac->module->ldb, dn); op_dn = ldb_dn_from_ldb_val(ac, ac->module->ldb, dn);
if (!op_dn) { if (!op_dn) {
return LDB_ERR_OPERATIONS_ERROR; return LDB_ERR_OPERATIONS_ERROR;
} }
@ -233,7 +233,7 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
for (j = 0; j < el->num_values; j++) { for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_ADD, ret = la_store_op(ac, LA_OP_ADD,
(char *)el->values[j].data, &el->values[j],
attr_name, attr_val); attr_name, attr_val);
if (ret != LDB_SUCCESS) { if (ret != LDB_SUCCESS) {
return ret; return ret;
@ -327,7 +327,7 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
/* make sure we manage each value */ /* make sure we manage each value */
for (j = 0; j < search_el->num_values; j++) { for (j = 0; j < search_el->num_values; j++) {
ret = la_store_op(ac, LA_OP_DEL, ret = la_store_op(ac, LA_OP_DEL,
(char *)search_el->values[j].data, &search_el->values[j],
attr_name, dn); attr_name, dn);
if (ret != LDB_SUCCESS) { if (ret != LDB_SUCCESS) {
talloc_free(ares); talloc_free(ares);
@ -445,7 +445,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
/* For each value being added, we need to setup the adds */ /* For each value being added, we need to setup the adds */
for (j = 0; j < el->num_values; j++) { for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_ADD, ret = la_store_op(ac, LA_OP_ADD,
(char *)el->values[j].data, &el->values[j],
attr_name, attr_val); attr_name, attr_val);
if (ret != LDB_SUCCESS) { if (ret != LDB_SUCCESS) {
return ret; return ret;
@ -459,7 +459,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
/* For each value being deleted, we need to setup the delete */ /* For each value being deleted, we need to setup the delete */
for (j = 0; j < el->num_values; j++) { for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_DEL, ret = la_store_op(ac, LA_OP_DEL,
(char *)el->values[j].data, &el->values[j],
attr_name, attr_val); attr_name, attr_val);
if (ret != LDB_SUCCESS) { if (ret != LDB_SUCCESS) {
return ret; return ret;
@ -701,7 +701,7 @@ static int la_op_search_callback(struct ldb_request *req,
} }
for (j = 0; j < el->num_values; j++) { for (j = 0; j < el->num_values; j++) {
ret = la_store_op(ac, LA_OP_DEL, ret = la_store_op(ac, LA_OP_DEL,
(char *)el->values[j].data, &el->values[j],
attr_name, deldn); attr_name, deldn);
if (ret != LDB_SUCCESS) { if (ret != LDB_SUCCESS) {
talloc_free(ares); talloc_free(ares);
@ -710,7 +710,7 @@ static int la_op_search_callback(struct ldb_request *req,
} }
if (!adddn) continue; if (!adddn) continue;
ret = la_store_op(ac, LA_OP_ADD, ret = la_store_op(ac, LA_OP_ADD,
(char *)el->values[j].data, &el->values[j],
attr_name, adddn); attr_name, adddn);
if (ret != LDB_SUCCESS) { if (ret != LDB_SUCCESS) {
talloc_free(ares); talloc_free(ares);

2
source4/dsdb/samdb/ldb_modules/normalise.c
View File

@ -120,7 +120,7 @@ static int normalize_search_callback(struct ldb_request *req, struct ldb_reply *
} }
for (j = 0; j < msg->elements[i].num_values; j++) { for (j = 0; j < msg->elements[i].num_values; j++) {
const char *dn_str; const char *dn_str;
struct ldb_dn *dn = ldb_dn_new(ac, ac->module->ldb, (const char *)msg->elements[i].values[j].data); struct ldb_dn *dn = ldb_dn_from_ldb_val(ac, ac->module->ldb, &msg->elements[i].values[j]);
if (!dn) { if (!dn) {
return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
} }

6
source4/lib/ldb/common/attrib_handlers.c
View File

@ -240,7 +240,7 @@ int ldb_canonicalise_dn(struct ldb_context *ldb, void *mem_ctx,
out->length = 0; out->length = 0;
out->data = NULL; out->data = NULL;
dn = ldb_dn_new(ldb, mem_ctx, (char *)in->data); dn = ldb_dn_from_ldb_val(ldb, mem_ctx, in);
if ( ! ldb_dn_validate(dn)) { if ( ! ldb_dn_validate(dn)) {
return LDB_ERR_INVALID_DN_SYNTAX; return LDB_ERR_INVALID_DN_SYNTAX;
} }
@ -268,10 +268,10 @@ int ldb_comparison_dn(struct ldb_context *ldb, void *mem_ctx,
struct ldb_dn *dn1 = NULL, *dn2 = NULL; struct ldb_dn *dn1 = NULL, *dn2 = NULL;
int ret; int ret;
dn1 = ldb_dn_new(ldb, mem_ctx, (char *)v1->data); dn1 = ldb_dn_from_ldb_val(ldb, mem_ctx, v1);
if ( ! ldb_dn_validate(dn1)) return -1; if ( ! ldb_dn_validate(dn1)) return -1;
dn2 = ldb_dn_new(ldb, mem_ctx, (char *)v2->data); dn2 = ldb_dn_from_ldb_val(ldb, mem_ctx, v2);
if ( ! ldb_dn_validate(dn2)) { if ( ! ldb_dn_validate(dn2)) {
talloc_free(dn1); talloc_free(dn1);
return -1; return -1;

4
source4/lib/ldb/common/ldb_ldif.c
View File

@ -562,11 +562,11 @@ struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb,
goto failed; goto failed;
} }
msg->dn = ldb_dn_new(msg, ldb, (char *)value.data); msg->dn = ldb_dn_from_ldb_val(msg, ldb, &value);
if ( ! ldb_dn_validate(msg->dn)) { if ( ! ldb_dn_validate(msg->dn)) {
ldb_debug(ldb, LDB_DEBUG_ERROR, "Error: Unable to parse dn '%s'\n", ldb_debug(ldb, LDB_DEBUG_ERROR, "Error: Unable to parse dn '%s'\n",
value.data); (char *)value.data);
goto failed; goto failed;
} }

2
source4/lib/ldb/common/ldb_match.c
View File

@ -147,7 +147,7 @@ static int ldb_match_equality(struct ldb_context *ldb,
int ret; int ret;
if (ldb_attr_dn(tree->u.equality.attr) == 0) { if (ldb_attr_dn(tree->u.equality.attr) == 0) {
valuedn = ldb_dn_new(ldb, ldb, (char *)tree->u.equality.value.data); valuedn = ldb_dn_from_ldb_val(ldb, ldb, &tree->u.equality.value);
if (valuedn == NULL) { if (valuedn == NULL) {
return 0; return 0;
} }

4
source4/lib/ldb/ldb_map/ldb_map.c
View File

@ -626,7 +626,7 @@ static struct ldb_val ldb_dn_convert_local(struct ldb_module *module, void *mem_
struct ldb_dn *dn, *newdn; struct ldb_dn *dn, *newdn;
struct ldb_val newval; struct ldb_val newval;
dn = ldb_dn_new(mem_ctx, module->ldb, (char *)val->data); dn = ldb_dn_from_ldb_val(mem_ctx, module->ldb, val);
if (! ldb_dn_validate(dn)) { if (! ldb_dn_validate(dn)) {
newval.length = 0; newval.length = 0;
newval.data = NULL; newval.data = NULL;
@ -652,7 +652,7 @@ static struct ldb_val ldb_dn_convert_remote(struct ldb_module *module, void *mem
struct ldb_dn *dn, *newdn; struct ldb_dn *dn, *newdn;
struct ldb_val newval; struct ldb_val newval;
dn = ldb_dn_new(mem_ctx, module->ldb, (char *)val->data); dn = ldb_dn_from_ldb_val(mem_ctx, module->ldb, val);
if (! ldb_dn_validate(dn)) { if (! ldb_dn_validate(dn)) {
newval.length = 0; newval.length = 0;
newval.data = NULL; newval.data = NULL;

6
source4/rpc_server/samr/dcesrv_samr.c
View File

@ -2451,7 +2451,7 @@ static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call,
struct ldb_message **res2; struct ldb_message **res2;
const char * const attrs2[2] = { "objectSid", NULL }; const char * const attrs2[2] = { "objectSid", NULL };
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
ldb_dn_new(mem_ctx, a_state->sam_ctx, (const char *)el->values[i].data), ldb_dn_from_ldb_val(mem_ctx, a_state->sam_ctx, &el->values[i]),
&res2, attrs2); &res2, attrs2);
if (ret != 1) if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
@ -2845,8 +2845,8 @@ static NTSTATUS dcesrv_samr_GetMembersInAlias(struct dcesrv_call_state *dce_call
struct ldb_message **msgs2; struct ldb_message **msgs2;
const char * const attrs2[2] = { "objectSid", NULL }; const char * const attrs2[2] = { "objectSid", NULL };
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
ldb_dn_new(mem_ctx, a_state->sam_ctx, (const char *)el->values[i].data), ldb_dn_new(mem_ctx, a_state->sam_ctx, &el->values[i]),
&msgs2, attrs2); &msgs2, attrs2);
if (ret != 1) if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;