]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b41f2ca)
Fix strchrlen running past end of berval
authorHoward Chu <hyc@openldap.org>
Mon, 8 May 2006 12:43:01 +0000 (12:43 +0000)
committerHoward Chu <hyc@openldap.org>
Mon, 8 May 2006 12:43:01 +0000 (12:43 +0000)
servers/slapd/ad.c patch | blob | history

diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c
index 4ac9b6a8c042768c66d4632825fa8605ba45d021..46be761d9f603d2301834cd64b6f77c6b8a0f999 100644 (file)
--- a/servers/slapd/ad.c
+++ b/servers/slapd/ad.c
@@ -125,15 +125,16 @@ int slap_str2ad(
 
 static char *strchrlen(
        const char *p, 
+       const char *end,
        const char ch, 
        int *len )
 {
        int i;
 
-       for( i=0; p[i]; i++ ) {
-               if( p[i] == ch ) {
+       for( i=0; *p && p < end; i++,p++ ) {
+               if( *p == ch ) {
                        *len = i;
-                       return (char *) &p[i];
+                       return (char *) p;
                }
        }
 
@@ -148,7 +149,7 @@ int slap_bv2ad(
 {
        int rtn = LDAP_UNDEFINED_TYPE;
        AttributeDescription desc, *d2;
-       char *name, *options;
+       char *name, *options, *optn;
        char *opt, *next;
        int ntags;
        int tagslen;
@@ -201,11 +202,12 @@ int slap_bv2ad(
        ntags = 0;
        memset( tags, 0, sizeof( tags ));
        tagslen = 0;
+       optn = bv->bv_val + bv->bv_len;
 
        for( opt=options; opt != NULL; opt=next ) {
                int optlen;
                opt++; 
-               next = strchrlen( opt, ';', &optlen );
+               next = strchrlen( opt, optn, ';', &optlen );
 
                if( optlen == 0 ) {
                        *text = "zero length option is invalid";
@@ -443,19 +445,21 @@ static int is_ad_subtags(
        struct berval *subtagsbv, 
        struct berval *suptagsbv )
 {
-       const char *suptags, *supp, *supdelimp;
-       const char *subtags, *subp, *subdelimp;
+       const char *suptags, *supp, *supdelimp, *supn;
+       const char *subtags, *subp, *subdelimp, *subn;
        int  suplen, sublen;
 
        subtags =subtagsbv->bv_val;
        suptags =suptagsbv->bv_val;
+       subn = subtags + subtagsbv->bv_len;
+       supn = suptags + suptagsbv->bv_len;
 
        for( supp=suptags ; supp; supp=supdelimp ) {
-               supdelimp = strchrlen( supp, ';', &suplen );
+               supdelimp = strchrlen( supp, supn, ';', &suplen );
                if( supdelimp ) supdelimp++;
 
                for( subp=subtags ; subp; subp=subdelimp ) {
-                       subdelimp = strchrlen( subp, ';', &sublen );
+                       subdelimp = strchrlen( subp, subn, ';', &sublen );
                        if( subdelimp ) subdelimp++;
 
                        if ( suplen > sublen
Cloned from git://git.openldap.org/openldap.git