From 461db2de1a2f43583ef1ca3beecc69fce201c642 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 23 Jan 2013 02:19:02 +0000 Subject: [PATCH] ITS#7497 fix lineno overflow in ldif_read_record() --- clients/tools/ldapmodify.c | 8 +++---- include/ldap.h | 2 +- include/ldap_pvt.h | 2 +- include/ldif.h | 2 +- libraries/libldap/ldif.c | 2 +- libraries/libldap/ldifutil.c | 38 ++++++++++++++++----------------- servers/slapd/back-sql/config.c | 7 +++--- servers/slapd/root_dse.c | 7 +++--- servers/slapd/slapadd.c | 16 +++++++------- servers/slapd/slapcommon.c | 2 +- servers/slapd/slapcommon.h | 4 ++-- servers/slapd/slapmodify.c | 20 ++++++++--------- 12 files changed, 56 insertions(+), 54 deletions(-) diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index 2305bd756b..d35504e321 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -73,7 +73,7 @@ static int ldapadd; static char *rejfile = NULL; static LDAP *ld = NULL; -static int process_ldif_rec LDAP_P(( char *rbuf, int lineno )); +static int process_ldif_rec LDAP_P(( char *rbuf, unsigned long lineno )); static int domodify LDAP_P(( const struct berval *dn, LDAPMod **pmods, @@ -220,8 +220,8 @@ main( int argc, char **argv ) char *matched_msg, *error_msg; int rc, retval, ldifrc; int len; - int i = 0; - int lineno, nextline = 0, lmax = 0; + int i = 0, lmax = 0; + unsigned long lineno, nextline = 0; LDAPControl c[1]; prog = lutil_progname( "ldapmodify", argc, argv ); @@ -377,7 +377,7 @@ fail:; static int -process_ldif_rec( char *rbuf, int linenum ) +process_ldif_rec( char *rbuf, unsigned long linenum ) { LDIFRecord lr; int lrflags = ldapadd ? LDIF_DEFAULT_ADD : 0; diff --git a/include/ldap.h b/include/ldap.h index 2fd3b4324e..673dcc3e5d 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -2663,7 +2663,7 @@ ldap_ldif_record_done LDAP_P(( LDAP_F( int ) ldap_parse_ldif_record LDAP_P(( struct berval *rbuf, - int linenum, + unsigned long linenum, LDIFRecord *lr, const char *errstr, unsigned int flags )); diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h index 776e9cb197..871e7c1800 100644 --- a/include/ldap_pvt.h +++ b/include/ldap_pvt.h @@ -323,7 +323,7 @@ LDAP_F ( int ) ldap_pvt_discard LDAP_P(( LDAP_F( int ) ldap_parse_ldif_record_x LDAP_P(( struct berval *rbuf, - int linenum, + unsigned long linenum, struct ldifrecord *lr, const char *errstr, unsigned int flags, diff --git a/include/ldif.h b/include/ldif.h index 269dc522b5..e2b8a8e87a 100644 --- a/include/ldif.h +++ b/include/ldif.h @@ -105,7 +105,7 @@ ldif_close LDAP_P(( LDIFFP * )); LDAP_LDIF_F( int ) ldif_read_record LDAP_P(( LDIFFP *fp, - int *lineno, + unsigned long *lineno, char **bufp, int *buflen )); diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c index 0b454068d7..529b0a9a20 100644 --- a/libraries/libldap/ldif.c +++ b/libraries/libldap/ldif.c @@ -814,7 +814,7 @@ ldif_close( int ldif_read_record( LDIFFP *lfp, - int *lno, /* ptr to line number counter */ + unsigned long *lno, /* ptr to line number counter */ char **bufp, /* ptr to malloced output buffer */ int *buflenp ) /* ptr to length of *bufp */ { diff --git a/libraries/libldap/ldifutil.c b/libraries/libldap/ldifutil.c index 28ba888987..92b0ae6663 100644 --- a/libraries/libldap/ldifutil.c +++ b/libraries/libldap/ldifutil.c @@ -100,7 +100,7 @@ ldap_ldif_record_done( LDIFRecord *lr ) int ldap_parse_ldif_record_x( struct berval *rbuf, - int linenum, + unsigned long linenum, LDIFRecord *lr, const char *errstr, unsigned int flags, @@ -155,7 +155,7 @@ ldap_parse_ldif_record_x( } if ( ( rc = ldif_parse_line2( line, lr->lr_btype+i, lr->lr_vals+i, &freev ) ) < 0 ) { - fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"), + fprintf( stderr, _("%s: invalid format (line %lu) entry: \"%s\"\n"), errstr, linenum+i, dn == NULL ? "" : dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -175,7 +175,7 @@ ldap_parse_ldif_record_x( if ( lr->lr_vals[i].bv_len != version1.bv_len || strncmp( lr->lr_vals[i].bv_val, version1.bv_val, version1.bv_len ) != 0 ) { fprintf( stderr, - _("%s: invalid version %s, line %d (ignored)\n"), + _("%s: invalid version %s, line %lu (ignored)\n"), errstr, lr->lr_vals[i].bv_val, linenum ); } version++; @@ -215,7 +215,7 @@ ldap_parse_ldif_record_x( rc = parse_ldif_control( lr->lr_vals+i, &pctrls ); if (rc != 0) { fprintf( stderr, - _("%s: Error processing %s line, line %d: %s\n"), + _("%s: Error processing %s line, line %lu: %s\n"), errstr, BV_CONTROL.bv_val, linenum+i, ldap_err2string(rc) ); } } @@ -223,7 +223,7 @@ ldap_parse_ldif_record_x( if ( i>= lr->lr_lines ) { short_input: fprintf( stderr, - _("%s: Expecting more input after %s line, line %d\n"), + _("%s: Expecting more input after %s line, line %lu\n"), errstr, lr->lr_btype[i-1].bv_val, linenum+i ); rc = LDAP_PARAM_ERROR; @@ -244,7 +244,7 @@ short_input: if ( ++icnt != lr->lr_vals[i].bv_len ) { fprintf( stderr, _("%s: illegal trailing space after" - " \"%s: %s\" trimmed (line %d, entry \"%s\")\n"), + " \"%s: %s\" trimmed (line %lu, entry \"%s\")\n"), errstr, BV_CHANGETYPE.bv_val, lr->lr_vals[i].bv_val, linenum+i, dn ); lr->lr_vals[i].bv_val[icnt] = '\0'; } @@ -255,7 +255,7 @@ short_input: if ( flags & LDIF_ENTRIES_ONLY ) { if ( !( BV_CASEMATCH( lr->lr_vals+i, &BV_ADDCT )) ) { ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug, - _("%s: skipping LDIF record beginning at line %d: " + _("%s: skipping LDIF record beginning at line %lu: " "changetype '%.*s' found but entries only was requested\n"), errstr, linenum, (int)lr->lr_vals[i].bv_len, @@ -279,7 +279,7 @@ short_input: goto short_input; if ( !BV_CASEMATCH( lr->lr_btype+i, &BV_NEWRDN )) { fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d, entry \"%s\")\n"), + " \"%s:\" (line %lu, entry \"%s\")\n"), errstr, BV_NEWRDN.bv_val, lr->lr_btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -290,7 +290,7 @@ short_input: goto short_input; if ( !BV_CASEMATCH( lr->lr_btype+i, &BV_DELETEOLDRDN )) { fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d, entry \"%s\")\n"), + " \"%s:\" (line %lu, entry \"%s\")\n"), errstr, BV_DELETEOLDRDN.bv_val, lr->lr_btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -300,7 +300,7 @@ short_input: if ( i < lr->lr_lines ) { if ( !BV_CASEMATCH( lr->lr_btype+i, &BV_NEWSUP )) { fprintf( stderr, _("%s: expecting \"%s:\" but saw" - " \"%s:\" (line %d, entry \"%s\")\n"), + " \"%s:\" (line %lu, entry \"%s\")\n"), errstr, BV_NEWSUP.bv_val, lr->lr_btype[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -313,7 +313,7 @@ short_input: got_all = delete_entry = 1; } else { fprintf( stderr, - _("%s: unknown %s \"%s\" (line %d, entry \"%s\")\n"), + _("%s: unknown %s \"%s\" (line %lu, entry \"%s\")\n"), errstr, BV_CHANGETYPE.bv_val, lr->lr_vals[i].bv_val, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -327,7 +327,7 @@ short_input: there must be no changetype, and the flag LDIF_DEFAULT_ADD must be set */ if ( flags & LDIF_ENTRIES_ONLY ) { ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug, - _("%s: skipping LDIF record beginning at line %d: " + _("%s: skipping LDIF record beginning at line %lu: " "no changetype found but entries only was requested and " "the default setting for missing changetype is modify\n"), errstr, linenum ); @@ -339,7 +339,7 @@ short_input: if ( got_all ) { if ( i < lr->lr_lines ) { fprintf( stderr, - _("%s: extra lines at end (line %d, entry \"%s\")\n"), + _("%s: extra lines at end (line %lu, entry \"%s\")\n"), errstr, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -358,7 +358,7 @@ short_input: for (j=i+1; jlr_lines; j++) { if ( !lr->lr_btype[j].bv_val ) { fprintf( stderr, - _("%s: missing attributeDescription (line %d, entry \"%s\")\n"), + _("%s: missing attributeDescription (line %lu, entry \"%s\")\n"), errstr, linenum+j, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -400,7 +400,7 @@ short_input: if ( BV_CASEMATCH( lr->lr_btype+i, &BV_DN )) { fprintf( stderr, _("%s: attributeDescription \"%s\":" " (possible missing newline" - " after line %d, entry \"%s\"?)\n"), + " after line %lu, entry \"%s\"?)\n"), errstr, lr->lr_btype[i].bv_val, linenum+i - 1, dn ); } if ( !BV_CASEMATCH( lr->lr_btype+i, &bv )) { @@ -434,7 +434,7 @@ short_input: if ( ++icnt != lr->lr_vals[i].bv_len ) { fprintf( stderr, _("%s: illegal trailing space after" - " \"%s: %s\" trimmed (line %d, entry \"%s\")\n"), + " \"%s: %s\" trimmed (line %lu, entry \"%s\")\n"), errstr, type, lr->lr_vals[i].bv_val, linenum+i, dn ); lr->lr_vals[i].bv_val[icnt] = '\0'; } @@ -465,7 +465,7 @@ short_input: nmods--; } else { /* no modify op: invalid LDIF */ fprintf( stderr, _("%s: modify operation type is missing at" - " line %d, entry \"%s\"\n"), + " line %lu, entry \"%s\"\n"), errstr, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -479,7 +479,7 @@ short_input: } else { if ( !BV_CASEMATCH( lr->lr_btype+i, &bv )) { fprintf( stderr, _("%s: wrong attributeType at" - " line %d, entry \"%s\"\n"), + " line %lu, entry \"%s\"\n"), errstr, linenum+i, dn ); rc = LDAP_PARAM_ERROR; goto leave; @@ -564,7 +564,7 @@ leave: int ldap_parse_ldif_record( struct berval *rbuf, - int linenum, + unsigned long linenum, LDIFRecord *lr, const char *errstr, unsigned int flags ) diff --git a/servers/slapd/back-sql/config.c b/servers/slapd/back-sql/config.c index 257797a469..51e29076d9 100644 --- a/servers/slapd/back-sql/config.c +++ b/servers/slapd/back-sql/config.c @@ -539,7 +539,8 @@ read_baseObject( { backsql_info *bi = (backsql_info *)be->be_private; LDIFFP *fp; - int rc = 0, lineno = 0, lmax = 0, ldifrc; + int rc = 0, lmax = 0, ldifrc; + unsigned long lineno = 0; char *buf = NULL; assert( fname != NULL ); @@ -571,7 +572,7 @@ read_baseObject( if( e == NULL ) { fprintf( stderr, "back-sql baseObject: " - "could not parse entry (line=%d)\n", + "could not parse entry (line=%lu)\n", lineno ); rc = LDAP_OTHER; break; @@ -581,7 +582,7 @@ read_baseObject( if ( !be_issuffix( be, &e->e_nname ) ) { fprintf( stderr, "back-sql: invalid baseObject - " - "dn=\"%s\" (line=%d)\n", + "dn=\"%s\" (line=%lu)\n", e->e_name.bv_val, lineno ); entry_free( e ); rc = LDAP_OTHER; diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index 84dd9180eb..195b52cfb9 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -401,7 +401,8 @@ int root_dse_read_file( const char *fname ) { struct LDIFFP *fp; - int rc = 0, lineno = 0, lmax = 0, ldifrc; + int rc = 0, lmax = 0, ldifrc; + unsigned long lineno = 0; char *buf = NULL; if ( (fp = ldif_open( fname, "r" )) == NULL ) { @@ -427,7 +428,7 @@ root_dse_read_file( const char *fname ) if( e == NULL ) { Debug( LDAP_DEBUG_ANY, "root_dse_read_file: " - "could not parse entry (file=\"%s\" line=%d)\n", + "could not parse entry (file=\"%s\" line=%lu)\n", fname, lineno, 0 ); rc = LDAP_OTHER; break; @@ -437,7 +438,7 @@ root_dse_read_file( const char *fname ) if( e->e_nname.bv_len ) { Debug( LDAP_DEBUG_ANY, "root_dse_read_file: invalid rootDSE " - "- dn=\"%s\" (file=\"%s\" line=%d)\n", + "- dn=\"%s\" (file=\"%s\" line=%lu)\n", e->e_dn, fname, lineno ); entry_free( e ); rc = LDAP_OTHER; diff --git a/servers/slapd/slapadd.c b/servers/slapd/slapadd.c index 8b297aec6e..8b339928e8 100644 --- a/servers/slapd/slapadd.c +++ b/servers/slapd/slapadd.c @@ -44,14 +44,14 @@ static char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ]; typedef struct Erec { Entry *e; - int lineno; - int nextline; + unsigned long lineno; + unsigned long nextline; } Erec; typedef struct Trec { Entry *e; - int lineno; - int nextline; + unsigned long lineno; + unsigned long nextline; int rc; int ready; } Trec; @@ -108,7 +108,7 @@ again: 0); if( e == NULL ) { - fprintf( stderr, "%s: could not parse entry (line=%d)\n", + fprintf( stderr, "%s: could not parse entry (line=%lu)\n", progname, erec->lineno ); return -2; } @@ -117,7 +117,7 @@ again: if( BER_BVISEMPTY( &e->e_nname ) && !BER_BVISEMPTY( be->be_nsuffix )) { - fprintf( stderr, "%s: line %d: " + fprintf( stderr, "%s: line %lu: " "cannot add entry with empty dn=\"%s\"", progname, erec->lineno, e->e_dn ); bd = select_backend( &e->e_nname, nosubordinates ); @@ -144,7 +144,7 @@ again: /* check backend */ bd = select_backend( &e->e_nname, nosubordinates ); if ( bd != be ) { - fprintf( stderr, "%s: line %d: " + fprintf( stderr, "%s: line %lu: " "database #%d (%s) not configured to hold \"%s\"", progname, erec->lineno, dbnum, @@ -432,7 +432,7 @@ slapadd( int argc, char **argv ) id = be->be_entry_put( be, erec.e, &bvtext ); if( id == NOID ) { fprintf( stderr, "%s: could not add entry dn=\"%s\" " - "(line=%d): %s\n", progname, erec.e->e_dn, + "(line=%lu): %s\n", progname, erec.e->e_dn, erec.lineno, bvtext.bv_val ); rc = EXIT_FAILURE; if( continuemode ) { diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index ad5735e37b..714e2bcca7 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c @@ -456,7 +456,7 @@ slap_tool_init( } break; case 'j': /* jump to linenumber */ - if ( lutil_atoi( &jumpline, optarg ) ) { + if ( lutil_atoul( &jumpline, optarg ) ) { usage( tool, progname ); } break; diff --git a/servers/slapd/slapcommon.h b/servers/slapd/slapcommon.h index 6764ffa6ec..9aee416b7b 100644 --- a/servers/slapd/slapcommon.h +++ b/servers/slapd/slapcommon.h @@ -43,9 +43,9 @@ typedef struct tool_vars { int tv_continuemode; int tv_nosubordinates; int tv_dryrun; - int tv_jumpline; - struct berval tv_sub_ndn; int tv_scope; + unsigned long tv_jumpline; + struct berval tv_sub_ndn; Filter *tv_filter; struct LDIFFP *tv_ldiffp; struct berval tv_baseDN; diff --git a/servers/slapd/slapmodify.c b/servers/slapd/slapmodify.c index 013dcfb2a3..4639baac67 100644 --- a/servers/slapd/slapmodify.c +++ b/servers/slapd/slapmodify.c @@ -56,8 +56,8 @@ slapmodify( int argc, char **argv ) OperationBuffer opbuf; Operation *op; - int checkvals; - int lineno, nextline, ldifrc; + int checkvals, ldifrc; + unsigned long lineno, nextline; int lmax; int rc = EXIT_SUCCESS; @@ -162,7 +162,7 @@ slapmodify( int argc, char **argv ) "slapmodify", LDIF_NO_CONTROLS ); if ( local_rc != LDAP_SUCCESS ) { - fprintf( stderr, "%s: could not parse entry (line=%d)\n", + fprintf( stderr, "%s: could not parse entry (line=%lu)\n", progname, lineno ); rc = EXIT_FAILURE; if( continuemode ) continue; @@ -180,14 +180,14 @@ slapmodify( int argc, char **argv ) case LDAP_REQ_MODRDN: case LDAP_REQ_DELETE: - fprintf( stderr, "%s: request 0x%lx not supported (line=%d)\n", + fprintf( stderr, "%s: request 0x%lx not supported (line=%lu)\n", progname, (unsigned long)lr.lr_op, lineno ); rc = EXIT_FAILURE; if( continuemode ) continue; goto done; default: - fprintf( stderr, "%s: unknown request 0x%lx (line=%d)\n", + fprintf( stderr, "%s: unknown request 0x%lx (line=%lu)\n", progname, (unsigned long)lr.lr_op, lineno ); rc = EXIT_FAILURE; if( continuemode ) continue; @@ -196,7 +196,7 @@ slapmodify( int argc, char **argv ) local_rc = dnNormalize( 0, NULL, NULL, &lr.lr_dn, &ndn, NULL ); if ( local_rc != LDAP_SUCCESS ) { - fprintf( stderr, "%s: DN=\"%s\" normalization failed (line=%d)\n", + fprintf( stderr, "%s: DN=\"%s\" normalization failed (line=%lu)\n", progname, lr.lr_dn.bv_val, lineno ); rc = EXIT_FAILURE; if( continuemode ) continue; @@ -207,7 +207,7 @@ slapmodify( int argc, char **argv ) if( BER_BVISEMPTY( &ndn ) && !BER_BVISEMPTY( be->be_nsuffix )) { - fprintf( stderr, "%s: line %d: " + fprintf( stderr, "%s: line %lu: " "%s entry with empty dn=\"\"", progname, lineno, request ); bd = select_backend( &ndn, nosubordinates ); @@ -237,7 +237,7 @@ slapmodify( int argc, char **argv ) /* check backend */ bd = select_backend( &ndn, nosubordinates ); if ( bd != be ) { - fprintf( stderr, "%s: line %d: " + fprintf( stderr, "%s: line %lu: " "database #%d (%s) not configured to hold \"%s\"", progname, lineno, dbnum, @@ -287,7 +287,7 @@ slapmodify( int argc, char **argv ) local_rc = slap_str2ad( mod->mod_type, &mods.sm_desc, &text ); if ( local_rc != LDAP_SUCCESS ) { - fprintf( stderr, "%s: slap_str2ad(\"%s\") failed for entry \"%s\" (%d: %s, lineno=%d)\n", + fprintf( stderr, "%s: slap_str2ad(\"%s\") failed for entry \"%s\" (%d: %s, lineno=%lu)\n", progname, mod->mod_type, lr.lr_dn.bv_val, local_rc, text, lineno ); rc = EXIT_FAILURE; mod_err = 1; @@ -564,7 +564,7 @@ slapmodify( int argc, char **argv ) if( id == NOID ) { fprintf( stderr, "%s: could not %s entry dn=\"%s\" " - "(line=%d): %s\n", progname, request, e->e_dn, + "(line=%lu): %s\n", progname, request, e->e_dn, lineno, bvtext.bv_val ); rc = EXIT_FAILURE; entry_free( e ); -- 2.39.5