From 145e6fc1f82d627876022bbb6bcd4905e5784f1e Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 21 Aug 2007 10:52:16 +0000 Subject: [PATCH] fix or comment Calysto findings --- clients/tools/common.c | 9 ++++++++- libraries/libldap/controls.c | 3 ++- libraries/libldap/extended.c | 1 + libraries/liblutil/ldif.c | 3 +++ libraries/liblutil/sasl.c | 2 ++ servers/slapd/back-ldap/bind.c | 16 ++++++++++++++++ servers/slapd/back-meta/bind.c | 8 ++++++++ servers/slapd/config.c | 4 ++++ 8 files changed, 44 insertions(+), 2 deletions(-) diff --git a/clients/tools/common.c b/clients/tools/common.c index 78d8db7811..1c84ff2a5a 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -1816,6 +1816,13 @@ void tool_print_ctrls( char *str; int j; + /* FIXME: there might be cases where a control has NULL OID; + * this makes little sense, especially when returned by the + * server, but libldap happily allows it */ + if ( ctrls[i]->ldctl_oid == NULL ) { + continue; + } + len = ldif ? 2 : 0; len += strlen( ctrls[i]->ldctl_oid ); @@ -1824,7 +1831,7 @@ void tool_print_ctrls( ? sizeof("true") : sizeof("false"); /* convert to base64 */ - if ( ctrls[i]->ldctl_value.bv_len ) { + if ( !BER_BVISNULL( &ctrls[i]->ldctl_value ) ) { b64.bv_len = LUTIL_BASE64_ENCODE_LEN( ctrls[i]->ldctl_value.bv_len ) + 1; b64.bv_val = ber_memalloc( b64.bv_len + 1 ); diff --git a/libraries/libldap/controls.c b/libraries/libldap/controls.c index 51fde85a51..aa38040c3e 100644 --- a/libraries/libldap/controls.c +++ b/libraries/libldap/controls.c @@ -231,7 +231,7 @@ int ldap_pvt_get_controls( if( tag == LBER_OCTETSTRING ) { tag = ber_scanf( ber, "o", &tctrl->ldctl_value ); } else { - tctrl->ldctl_value.bv_val = NULL; + BER_BVZERO( &tctrl->ldctl_value ); } *ctrls = tctrls; @@ -350,6 +350,7 @@ ldap_control_dup( const LDAPControl *c ) } } else { + /* FIXME: how can a control have null OID? */ new->ldctl_oid = NULL; } diff --git a/libraries/libldap/extended.c b/libraries/libldap/extended.c index 644180de0e..5a6efda9f1 100644 --- a/libraries/libldap/extended.c +++ b/libraries/libldap/extended.c @@ -315,6 +315,7 @@ ldap_parse_intermediate ( if( retoidp != NULL ) *retoidp = NULL; if( retdatap != NULL ) *retdatap = NULL; + if( serverctrls != NULL ) *serverctrls = NULL; ber = ber_dup( res->lm_ber ); diff --git a/libraries/liblutil/ldif.c b/libraries/liblutil/ldif.c index 2af75fb732..482a604d62 100644 --- a/libraries/liblutil/ldif.c +++ b/libraries/liblutil/ldif.c @@ -865,6 +865,9 @@ ldif_read_record( fp2 = ldif_open_url( ptr ); if ( fp2 ) { LDIFFP *lnew = ber_memalloc( sizeof( LDIFFP )); + if ( lnew == NULL ) { + return 0; + } lnew->prev = lfp->prev; lnew->fp = lfp->fp; lfp->prev = lnew; diff --git a/libraries/liblutil/sasl.c b/libraries/liblutil/sasl.c index ffbd29846e..50b5a29ddc 100644 --- a/libraries/liblutil/sasl.c +++ b/libraries/liblutil/sasl.c @@ -49,6 +49,8 @@ lutil_sasl_freedefs( void *defaults ) { lutilSASLdefaults *defs = defaults; + + assert( defs != NULL ); if (defs->mech) ber_memfree(defs->mech); if (defs->realm) ber_memfree(defs->realm); diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index ebc51bdbd0..fd5e39b217 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -1352,6 +1352,14 @@ retry_lock:; li->li_acl_authcID.bv_val, li->li_acl_passwd.bv_val, NULL ); + if ( defaults == NULL ) { + rs->sr_err = LDAP_OTHER; + LDAP_BACK_CONN_ISBOUND_CLEAR( lc ); + if ( sendok & LDAP_BACK_SENDERR ) { + send_ldap_result( op, rs ); + } + goto done; + } rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, li->li_acl_authcDN.bv_val, @@ -2091,6 +2099,14 @@ ldap_back_proxy_authz_bind( li->li_idassert_authcID.bv_val, li->li_idassert_passwd.bv_val, authzID.bv_val ); + if ( defaults == NULL ) { + rs->sr_err = LDAP_OTHER; + LDAP_BACK_CONN_ISBOUND_CLEAR( lc ); + if ( sendok & LDAP_BACK_SENDERR ) { + send_ldap_result( op, rs ); + } + goto done; + } rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, binddn->bv_val, li->li_idassert_sasl_mech.bv_val, NULL, NULL, diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index c1c02496e8..03e3ec204e 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -1425,6 +1425,14 @@ meta_back_proxy_authz_cred( mt->mt_idassert_authcID.bv_val, mt->mt_idassert_passwd.bv_val, authzID.bv_val ); + if ( defaults == NULL ) { + rs->sr_err = LDAP_OTHER; + LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); + if ( sendok & LDAP_BACK_SENDERR ) { + send_ldap_result( op, rs ); + } + goto done; + } rs->sr_err = ldap_sasl_interactive_bind_s( msc->msc_ld, binddn->bv_val, mt->mt_idassert_sasl_mech.bv_val, NULL, NULL, diff --git a/servers/slapd/config.c b/servers/slapd/config.c index b99d8f0a19..d6655a78a0 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -1584,6 +1584,10 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb ) sb->sb_authcId.bv_val, sb->sb_cred.bv_val, sb->sb_authzId.bv_val ); + if ( defaults == NULL ) { + rc = LDAP_OTHER; + goto done; + } rc = ldap_sasl_interactive_bind_s( ld, sb->sb_binddn.bv_val, -- 2.39.5