From: Kurt Zeilenga Date: Wed, 22 Jan 2003 22:29:11 +0000 (+0000) Subject: ITS#2275: PROTOS ber_get_next() fix X-Git-Tag: NO_SLAP_OP_BLOCKS~533 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bd9bf709aa556651b8f761b31c1955ba5d71f9b9;p=openldap ITS#2275: PROTOS ber_get_next() fix Needs review!!!! --- diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c index d9c7d1609f..533cac82f8 100644 --- a/libraries/liblber/io.c +++ b/libraries/liblber/io.c @@ -500,16 +500,14 @@ ber_get_next( while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr < (char *)(&ber->ber_usertag + 1)) { - ber_slen_t i; + ber_slen_t sblen; char buf[sizeof(ber->ber_len)-1]; ber_len_t tlen = 0; - if ((i=ber_int_sb_read( sb, ber->ber_rwptr, - (char *)(&ber->ber_usertag+1)-ber->ber_rwptr))<=0) { - return LBER_DEFAULT; - } - - ber->ber_rwptr += i; + sblen=ber_int_sb_read( sb, ber->ber_rwptr, + (char *)(&ber->ber_usertag+1)-ber->ber_rwptr); + if (sblen<=0) return LBER_DEFAULT; + ber->ber_rwptr += sblen; /* We got at least one byte, try to parse the tag. */ if (ber->ber_ptr == (char *)&ber->ber_len-1) { @@ -517,6 +515,7 @@ ber_get_next( unsigned char *p = (unsigned char *)ber->ber_ptr; tag = *p++; if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) { + ber_len_t i; for (i=1; (char *)pber_rwptr; i++,p++) { tag <<= 8; tag |= *p; @@ -537,11 +536,12 @@ ber_get_next( ber->ber_tag = tag; ber->ber_ptr = (char *)p; - if (i == 1) continue; + if (sblen == 1) continue; } /* Now look for the length */ if (*ber->ber_ptr & 0x80) { /* multi-byte */ + ber_len_t i; int llen = *(unsigned char *)ber->ber_ptr++ & 0x7f; if (llen > (int)sizeof(ber_len_t)) { errno = ERANGE; @@ -551,23 +551,27 @@ ber_get_next( if (ber->ber_rwptr - ber->ber_ptr < llen) { return LBER_DEFAULT; } - for (i=0; iber_ptrber_rwptr; i++,ber->ber_ptr++) { + for (i=0; + iber_ptrber_rwptr; + i++,ber->ber_ptr++) + { tlen <<=8; tlen |= *(unsigned char *)ber->ber_ptr; } } else { tlen = *(unsigned char *)ber->ber_ptr++; } + /* Are there leftover data bytes inside ber->ber_len? */ if (ber->ber_ptr < (char *)&ber->ber_usertag) { if (ber->ber_rwptr < (char *)&ber->ber_usertag) - i = ber->ber_rwptr - ber->ber_ptr; + sblen = ber->ber_rwptr - ber->ber_ptr; else - i = (char *)&ber->ber_usertag - ber->ber_ptr; - AC_MEMCPY(buf, ber->ber_ptr, i); - ber->ber_ptr += i; + sblen = (char *)&ber->ber_usertag - ber->ber_ptr; + AC_MEMCPY(buf, ber->ber_ptr, sblen); + ber->ber_ptr += sblen; } else { - i = 0; + sblen = 0; } ber->ber_len = tlen; @@ -577,7 +581,9 @@ ber_get_next( if ( ber->ber_len == 0 ) { errno = ERANGE; return LBER_DEFAULT; - } else if ( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ) { + } + + if ( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ) { #ifdef NEW_LOGGING LDAP_LOG( BER, ERR, "ber_get_next: sockbuf_max_incoming limit hit " @@ -597,7 +603,7 @@ ber_get_next( * make sure ber->ber_len agrees with what we've * already read. */ - if ( ber->ber_len < i + l ) { + if ( ber->ber_len < sblen + l ) { errno = ERANGE; return LBER_DEFAULT; } @@ -606,19 +612,19 @@ ber_get_next( return LBER_DEFAULT; } ber->ber_end = ber->ber_buf + ber->ber_len; - if (i) { - AC_MEMCPY(ber->ber_buf, buf, i); + if (sblen) { + AC_MEMCPY(ber->ber_buf, buf, sblen); } if (l > 0) { - AC_MEMCPY(ber->ber_buf + i, ber->ber_ptr, l); - i += l; + AC_MEMCPY(ber->ber_buf + sblen, ber->ber_ptr, l); + sblen += l; } ber->ber_ptr = ber->ber_buf; ber->ber_usertag = 0; - if ((ber_len_t)i == ber->ber_len) { + if ((ber_len_t)sblen == ber->ber_len) { goto done; } - ber->ber_rwptr = ber->ber_buf + i; + ber->ber_rwptr = ber->ber_buf + sblen; } } @@ -630,8 +636,7 @@ ber_get_next( assert( to_go > 0 ); res = ber_int_sb_read( sb, ber->ber_rwptr, to_go ); - if (res<=0) - return LBER_DEFAULT; + if (res<=0) return LBER_DEFAULT; ber->ber_rwptr+=res; if (res