1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/lib/ldap_escape.c
Andreas Schneider ff7568daae s3:lib: Use memcpy() in escape_ldap_string()
../source3/lib/ldap_escape.c: In function ‘escape_ldap_string’:
../source3/lib/ldap_escape.c:79:4: error: ‘strncpy’ output truncated
    before terminating nul copying 3 bytes from a string of the same length
[-Werror=stringop-truncation]
    strncpy (p, sub, 3);
    ^~~~~~~~~~~~~~~~~~~

We concatenat and do not care about NUL-termination till the loop has
finished.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2018-05-17 17:30:09 +02:00

138 lines
2.5 KiB
C

/*
Unix SMB/CIFS implementation.
ldap filter argument escaping
Copyright (C) 1998, 1999, 2000 Luke Howard <lukeh@padl.com>,
Copyright (C) 2003 Andrew Bartlett <abartlet@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/**
* Escape a parameter to an LDAP filter string, so they cannot contain
* embeded ( ) * or \ chars which may cause it not to parse correctly.
*
* @param s The input string
*
* @return A string allocated with talloc(), containing the escaped string,
* and to be talloc_free()ed by the caller.
**/
char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s)
{
size_t len = strlen(s)+1;
char *output = talloc_array(mem_ctx, char, len);
const char *sub;
int i = 0;
char *p = output;
if (output == NULL) {
return NULL;
}
while (*s)
{
switch (*s)
{
case '*':
sub = "\\2a";
break;
case '(':
sub = "\\28";
break;
case ')':
sub = "\\29";
break;
case '\\':
sub = "\\5c";
break;
default:
sub = NULL;
break;
}
if (sub) {
char *tmp;
len = len + 3;
tmp = talloc_realloc(mem_ctx, output, char, len);
if (tmp == NULL) {
TALLOC_FREE(output);
return NULL;
}
output = tmp;
p = &output[i];
memcpy(p, sub, 3);
p += 3;
i += 3;
} else {
*p = *s;
p++;
i++;
}
s++;
}
*p = '\0';
return output;
}
char *escape_rdn_val_string_alloc(const char *s)
{
char *output, *p;
/* The maximum size of the escaped string can be twice the actual size */
output = (char *)SMB_MALLOC(2*strlen(s) + 1);
if (output == NULL) {
return NULL;
}
p = output;
while (*s)
{
switch (*s)
{
case ',':
case '=':
case '+':
case '<':
case '>':
case '#':
case ';':
case '\\':
case '\"':
*p++ = '\\';
*p++ = *s;
break;
default:
*p = *s;
p++;
}
s++;
}
*p = '\0';
/* resize the string to the actual final size */
output = (char *)SMB_REALLOC(output, strlen(output) + 1);
return output;
}