X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_init.c;h=2455a2a1f33bba4d788f8e469e405a268ba254df;hb=8d0711b08f24e9084c816800d6e74be89c7a0a49;hp=5409bc1e002969ca07af2155b6e96591380517d1;hpb=1d0e916c6f92e4a76375ee8dcbcc59ea8f7927e4;p=openldap

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 5409bc1e00..2455a2a1f3 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -1,7 +1,7 @@
 /* schema_init.c - init builtin schema */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -59,7 +59,6 @@
 #define caseIgnoreOrderingMatch			caseIgnoreMatch
 #define caseExactOrderingMatch			caseExactMatch
 #define integerOrderingMatch			integerMatch
-#define	octetStringOrderingMatch		octetStringMatch
 
 /* unimplemented matching routines */
 #define caseIgnoreListMatch				NULL
@@ -138,6 +137,26 @@ octetStringMatch(
 	return LDAP_SUCCESS;
 }
 
+static int
+octetStringOrderingMatch(
+	int *matchp,
+	slap_mask_t flags,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *value,
+	void *assertedValue )
+{
+	ber_len_t v_len  = value->bv_len;
+	ber_len_t av_len = ((struct berval *) assertedValue)->bv_len;
+	int match = memcmp( value->bv_val,
+		((struct berval *) assertedValue)->bv_val,
+		(v_len < av_len ? v_len : av_len) );
+	if( match == 0 )
+		match = v_len - av_len;
+	*matchp = match;
+	return LDAP_SUCCESS;
+}
+
 /* Index generation function */
 int octetStringIndexer(
 	slap_mask_t use,
@@ -295,46 +314,6 @@ bitStringValidate(
 	return LDAP_SUCCESS;
 }
 
-static int
-bitStringNormalize(
-	Syntax *syntax,
-	struct berval *val,
-	struct berval *normalized )
-{
-	/*
-	 * A normalized bitString is has no extaneous (leading) zero bits.
-	 * That is, '00010'B is normalized to '10'B
-	 * However, as a special case, '0'B requires no normalization.
-	 */
-	char *p;
-
-	/* start at the first bit */
-	p = &val->bv_val[1];
-
-	/* Find the first non-zero bit */
-	while ( *p == '0' ) p++;
-
-	if( *p == '\'' ) {
-		/* no non-zero bits */
-		ber_str2bv( "\'0\'B", sizeof("\'0\'B") - 1, 1, normalized );
-		goto done;
-	}
-
-	normalized->bv_val = ch_malloc( val->bv_len + 1 );
-
-	normalized->bv_val[0] = '\'';
-	normalized->bv_len = 1;
-
-	for( ; *p != '\0'; p++ ) {
-		normalized->bv_val[normalized->bv_len++] = *p;
-	}
-
-	normalized->bv_val[normalized->bv_len] = '\0';
-
-done:
-	return LDAP_SUCCESS;
-}
-
 static int
 nameUIDValidate(
 	Syntax *syntax,
@@ -386,57 +365,44 @@ nameUIDNormalize(
 
 	ber_dupbv( &out, val );
 	if( out.bv_len != 0 ) {
-		struct berval uidin = { 0, NULL };
-		struct berval uidout = { 0, NULL };
+		struct berval uid = { 0, NULL };
 
 		if( out.bv_val[out.bv_len-1] == 'B'
 			&& out.bv_val[out.bv_len-2] == '\'' )
 		{
 			/* assume presence of optional UID */
-			uidin.bv_val = strrchr( out.bv_val, '#' );
+			uid.bv_val = strrchr( out.bv_val, '#' );
 
-			if( uidin.bv_val == NULL ) {
+			if( uid.bv_val == NULL ) {
 				free( out.bv_val );
 				return LDAP_INVALID_SYNTAX;
 			}
 
-			uidin.bv_len = out.bv_len - (uidin.bv_val - out.bv_val);
-			out.bv_len -= uidin.bv_len--;
+			uid.bv_len = out.bv_len - (uid.bv_val - out.bv_val);
+			out.bv_len -= uid.bv_len--;
 
 			/* temporarily trim the UID */
-			*(uidin.bv_val++) = '\0';
-
-			rc = bitStringNormalize( syntax, &uidin, &uidout );
-
-			if( rc != LDAP_SUCCESS ) {
-				free( out.bv_val );
-				return LDAP_INVALID_SYNTAX;
-			}
+			*(uid.bv_val++) = '\0';
 		}
 
-#ifdef USE_DN_NORMALIZE
 		rc = dnNormalize2( NULL, &out, normalized );
-#else
-		rc = dnPretty2( NULL, &out, normalized );
-#endif
 
 		if( rc != LDAP_SUCCESS ) {
 			free( out.bv_val );
-			free( uidout.bv_val );
 			return LDAP_INVALID_SYNTAX;
 		}
 
-		if( uidout.bv_len ) {
+		if( uid.bv_len ) {
 			normalized->bv_val = ch_realloc( normalized->bv_val,
-				normalized->bv_len + uidout.bv_len + sizeof("#") );
+				normalized->bv_len + uid.bv_len + sizeof("#") );
 
 			/* insert the separator */
 			normalized->bv_val[normalized->bv_len++] = '#';
 
 			/* append the UID */
 			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
-				uidout.bv_val, uidout.bv_len );
-			normalized->bv_len += uidout.bv_len;
+				uid.bv_val, uid.bv_len );
+			normalized->bv_len += uid.bv_len;
 
 			/* terminate */
 			normalized->bv_val[normalized->bv_len] = '\0';
@@ -706,7 +672,7 @@ UTF8SubstringsassertionNormalize(
 	SubstringsAssertion *nsa;
 	int i;
 
-	nsa = (SubstringsAssertion *)ch_calloc( 1, sizeof(SubstringsAssertion) );
+	nsa = (SubstringsAssertion *)SLAP_CALLOC( 1, sizeof(SubstringsAssertion) );
 	if( nsa == NULL ) {
 		return NULL;
 	}
@@ -723,7 +689,10 @@ UTF8SubstringsassertionNormalize(
 			/* empty */
 		}
 		nsa->sa_any = (struct berval *)
-			ch_malloc( (i + 1) * sizeof(struct berval) );
+			SLAP_MALLOC( (i + 1) * sizeof(struct berval) );
+		if( nsa->sa_any == NULL ) {
+				goto err;
+		}
 
 		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
 			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
@@ -3450,7 +3419,7 @@ objectIdentifierFirstComponentMatch(
 	int rc = LDAP_SUCCESS;
 	int match;
 	struct berval *asserted = (struct berval *) assertedValue;
-	ber_len_t i;
+	ber_len_t i, j;
 	struct berval oid;
 
 	if( value->bv_len == 0 || value->bv_val[0] != '(' /*')'*/ ) {
@@ -3464,8 +3433,8 @@ objectIdentifierFirstComponentMatch(
 
 	/* grab next word */
 	oid.bv_val = &value->bv_val[i];
-	oid.bv_len = value->bv_len - i;
-	for( i=1; ASCII_SPACE(value->bv_val[i]) && i < oid.bv_len; i++ ) {
+	j = value->bv_len - i;
+	for( i=0; !ASCII_SPACE(oid.bv_val[i]) && i < j; i++ ) {
 		/* empty */
 	}
 	oid.bv_len = i;
@@ -3521,7 +3490,6 @@ objectIdentifierFirstComponentMatch(
 		match, value->bv_val, asserted->bv_val );
 #endif
 
-
 	if( rc == LDAP_SUCCESS ) *matchp = match;
 	return rc;
 }
@@ -3539,12 +3507,16 @@ integerBitAndMatch(
 
 	/* safe to assume integers are NUL terminated? */
 	lValue = strtoul(value->bv_val, NULL, 10);
-	if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE )
+	if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
 		return LDAP_CONSTRAINT_VIOLATION;
+	}
 
 	lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
-	if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX) && errno == ERANGE )
+	if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
+		&& errno == ERANGE )
+	{
 		return LDAP_CONSTRAINT_VIOLATION;
+	}
 
 	*matchp = (lValue & lAssertedValue) ? 0 : 1;
 	return LDAP_SUCCESS;
@@ -3563,12 +3535,16 @@ integerBitOrMatch(
 
 	/* safe to assume integers are NUL terminated? */
 	lValue = strtoul(value->bv_val, NULL, 10);
-	if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE )
+	if(( lValue == LONG_MIN || lValue == LONG_MAX) && errno == ERANGE ) {
 		return LDAP_CONSTRAINT_VIOLATION;
+	}
 
 	lAssertedValue = strtol(((struct berval *)assertedValue)->bv_val, NULL, 10);
-	if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX) && errno == ERANGE )
+	if(( lAssertedValue == LONG_MIN || lAssertedValue == LONG_MAX)
+		&& errno == ERANGE )
+	{
 		return LDAP_CONSTRAINT_VIOLATION;
+	}
 
 	*matchp = (lValue | lAssertedValue) ? 0 : -1;
 	return LDAP_SUCCESS;
@@ -3577,7 +3553,6 @@ integerBitOrMatch(
 #ifdef HAVE_TLS
 #include <openssl/x509.h>
 #include <openssl/err.h>
-char digit[] = "0123456789";
 
 /*
  * Next function returns a string representation of a ASN1_INTEGER.
@@ -3589,6 +3564,7 @@ asn1_integer2str(ASN1_INTEGER *a, struct berval *bv)
 {
 	char buf[256];
 	char *p;
+	static char digit[] = "0123456789";
   
 	/* We work backwards, make it fill from the end of buf */
 	p = buf + sizeof(buf) - 1;
@@ -3631,8 +3607,8 @@ asn1_integer2str(ASN1_INTEGER *a, struct berval *bv)
 				return NULL;
 			}
 			*--p = digit[carry];
-			if (copy[base] == 0)
-				base++;
+
+			if (copy[base] == 0) base++;
 		}
 		free(copy);
 	}
@@ -3676,7 +3652,9 @@ certificateExactConvert(
 		X509_free(xcert);
 		return LDAP_INVALID_SYNTAX;
 	}
-	if ( dnX509normalize(X509_get_issuer_name(xcert), &issuer_dn ) != LDAP_SUCCESS ) {
+	if ( dnX509normalize(X509_get_issuer_name(xcert), &issuer_dn )
+		!= LDAP_SUCCESS )
+	{
 		X509_free(xcert);
 		ber_memfree(serial.bv_val);
 		return LDAP_INVALID_SYNTAX;
@@ -3724,33 +3702,34 @@ serial_and_issuer_parse(
 
 	begin = assertion->bv_val;
 	end = assertion->bv_val+assertion->bv_len-1;
-	for (p=begin; p<=end && *p != '$'; p++)
-		;
-	if ( p > end )
-		return LDAP_INVALID_SYNTAX;
+	for (p=begin; p<=end && *p != '$'; p++) /* empty */ ;
+	if ( p > end ) return LDAP_INVALID_SYNTAX;
 
-	/* p now points at the $ sign, now use begin and end to delimit the
-	   serial number */
-	while (ASCII_SPACE(*begin))
-		begin++;
+	/* p now points at the $ sign, now use
+	 * begin and end to delimit the serial number
+	 */
+	while (ASCII_SPACE(*begin)) begin++;
 	end = p-1;
-	while (ASCII_SPACE(*end))
-		end--;
+	while (ASCII_SPACE(*end)) end--;
+
+	if( end <= begin ) return LDAP_INVALID_SYNTAX;
 
 	bv.bv_len = end-begin+1;
 	bv.bv_val = begin;
 	ber_dupbv(serial, &bv);
 
 	/* now extract the issuer, remember p was at the dollar sign */
-	if ( issuer_dn ) {
-		begin = p+1;
-		end = assertion->bv_val+assertion->bv_len-1;
-		while (ASCII_SPACE(*begin))
-			begin++;
-		/* should we trim spaces at the end too? is it safe always? */
+	begin = p+1;
+	end = assertion->bv_val+assertion->bv_len-1;
+	while (ASCII_SPACE(*begin)) begin++;
+	/* should we trim spaces at the end too? is it safe always? no, no */
+
+	if( end <= begin ) return LDAP_INVALID_SYNTAX;
 
+	if ( issuer_dn ) {
 		bv.bv_len = end-begin+1;
 		bv.bv_val = begin;
+
 		dnNormalize2( NULL, &bv, issuer_dn );
 	}
 
@@ -3794,8 +3773,7 @@ certificateExactMatch(
 	X509_free(xcert);
 
 	serial_and_issuer_parse(assertedValue,
-				&asserted_serial,
-				&asserted_issuer_dn);
+		&asserted_serial, &asserted_issuer_dn);
 
 	ret = integerMatch(
 		matchp,
@@ -3891,8 +3869,7 @@ static int certificateExactIndexer(
 		asn1_integer2str(xcert->cert_info->serialNumber, &serial);
 		X509_free(xcert);
 		integerNormalize( slap_schema.si_syn_integer,
-				  &serial,
-				  &keys[i] );
+			&serial, &keys[i] );
 		ber_memfree(serial.bv_val);
 #ifdef NEW_LOGGING
 		LDAP_LOG( CONFIG, ENTRY, 
@@ -3923,10 +3900,10 @@ static int certificateExactFilter(
 {
 	BerVarray keys;
 	struct berval asserted_serial;
+	int ret;
 
-	serial_and_issuer_parse(assertedValue,
-				&asserted_serial,
-				NULL);
+	ret = serial_and_issuer_parse( assertedValue, &asserted_serial, NULL );
+	if( ret != LDAP_SUCCESS ) return ret;
 
 	keys = ch_malloc( sizeof( struct berval ) * 2 );
 	integerNormalize( syntax, &asserted_serial, &keys[0] );
@@ -4287,7 +4264,7 @@ static slap_syntax_defs_rec syntax_defs[] = {
 		X_NOT_H_R ")",
 		SLAP_SYNTAX_BER, berValidate, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )",
-		0, bitStringValidate, bitStringNormalize, NULL },
+		0, bitStringValidate, NULL, NULL },
 	{"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
 		0, booleanValidate, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
@@ -4405,7 +4382,7 @@ static slap_syntax_defs_rec syntax_defs[] = {
 	 * Chadwick in private mail.
 	 */
 	{"( 1.2.826.0.1.3344810.7.1 DESC 'Serial Number and Issuer' )",
-		0, NULL, NULL, NULL},
+		0, UTF8StringValidate, NULL, NULL},
 #endif
 
 	/* OpenLDAP Experimental Syntaxes */