From 181982470f4c0cc35cd6e8a04995cf59110798a4 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 27 Nov 2006 04:49:30 +0000 Subject: [PATCH] Reject malformed LDIF - missing modops, or mismatched attributes --- clients/tools/ldapmodify.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index 5556b54634..aa66c161ee 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -3,6 +3,7 @@ /* This work is part of OpenLDAP Software . * * Copyright 1998-2006 The OpenLDAP Foundation. + * Portions Copyright 2006 Howard Chu. * Portions Copyright 1998-2003 Kurt D. Zeilenga. * Portions Copyright 1998-2001 Net Boolean Incorporated. * Portions Copyright 2001-2003 IBM Corporation. @@ -32,6 +33,7 @@ * include: * Kurt D. Zeilenga * Norbert Klasen + * Howard Chu */ #include "portable.h" @@ -578,7 +580,7 @@ short_input: goto short_input; if ( BVICMP( btype+i, &BV_NEWRDN )) { fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d of entry \"%s\")\n"), + " \"%s:\" (line %d, entry \"%s\")\n"), prog, BV_NEWRDN.bv_val, btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -589,7 +591,7 @@ short_input: goto short_input; if ( BVICMP( btype+i, &BV_DELETEOLDRDN )) { fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d of entry \"%s\")\n"), + " \"%s:\" (line %d, entry \"%s\")\n"), prog, BV_DELETEOLDRDN.bv_val, btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -599,7 +601,7 @@ short_input: if ( i < lines ) { if ( BVICMP( btype+i, &BV_NEWSUP )) { fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d of entry \"%s\")\n"), + " \"%s:\" (line %d, entry \"%s\")\n"), prog, BV_NEWSUP.bv_val, btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -628,7 +630,7 @@ short_input: if ( got_all ) { if ( i < lines ) { fprintf( stderr, - _("%s: extra lines at end (line %d of entry \"%s\")\n"), + _("%s: extra lines at end (line %d, entry \"%s\")\n"), prog, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -716,8 +718,8 @@ short_input: if ( ++icnt != vals[i].bv_len ) { fprintf( stderr, _("%s: illegal trailing space after" - " \"%s: %s\" trimmed (line %d of entry \"%s\")\n"), - prog, type, vals[i].bv_val, linenum, dn ); + " \"%s: %s\" trimmed (line %d, entry \"%s\")\n"), + prog, type, vals[i].bv_val, linenum+i, dn ); vals[i].bv_val[icnt] = '\0'; } #endif /* LIBERAL_CHANGETYPE_MODOP */ @@ -745,16 +747,27 @@ short_input: modop = LDAP_MOD_INCREMENT; mops[i] = M_SEP; nmods--; - } else { /* no modify op: use default */ - modop = ldapadd ? LDAP_MOD_ADD : LDAP_MOD_REPLACE; - mops[i] = modop; + } else { /* no modify op: invalid LDIF */ + fprintf( stderr, _("%s: modify operation type is missing at" + " line %d, entry \"%s\"\n"), + prog, linenum+i, dn ); + rc = LDAP_PARAM_ERROR; + goto leave; } + bv = vals[i]; } else if ( expect_sep && BER_BVISEMPTY( btype+i )) { mops[i] = M_SEP; expect_sep = 0; expect_modop = 1; nmods--; } else { + if ( BVICMP( btype+i, &bv )) { + fprintf( stderr, _("%s: wrong attributeType at" + " line %d, entry \"%s\"\n"), + prog, linenum+i, dn ); + rc = LDAP_PARAM_ERROR; + goto leave; + } mops[i] = modop; /* If prev op was deferred and matches this type, * clear the flag @@ -767,6 +780,7 @@ short_input: } } +#if 0 /* we should faithfully encode the LDIF, not combine */ /* Make sure all modops with multiple values are contiguous */ for (i=idn; i