From 6d7689b7e3aa4ab1dd7ed3847dbb4a60dd3184a3 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sat, 19 Nov 2005 18:01:28 +0000
Subject: [PATCH] check we don't exceed userland with config param bits

---
 servers/slapd/back-ldap/chain.c  | 25 +++++++++++++------------
 servers/slapd/back-ldap/config.c |  7 ++++++-
 servers/slapd/config.h           |  9 +++++++++
 3 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c
index 8207eca717..d06fe25665 100644
--- a/servers/slapd/back-ldap/chain.c
+++ b/servers/slapd/back-ldap/chain.c
@@ -858,10 +858,10 @@ str2chain( const char *s )
  */
 
 enum {
-	PC_CHAINING = 1,
-	PC_CACHE_URI = 2,
+	CH_CHAINING = 1,
+	CH_CACHE_URI = 2,
 
-	PC_LAST
+	CH_LAST
 };
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
@@ -873,13 +873,13 @@ static ConfigLDAPadd chain_ldadd;
 static ConfigTable chaincfg[] = {
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 	{ "chain-chaining", "args",
-		2, 4, 0, ARG_MAGIC|ARG_BERVAL|PC_CHAINING, chain_cf_gen,
+		2, 4, 0, ARG_MAGIC|ARG_BERVAL|CH_CHAINING, chain_cf_gen,
 		"( OLcfgOvAt:3.1 NAME 'olcChainingBehavior' "
 			"DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 	{ "chain-cache-uris", "TRUE/FALSE",
-		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|PC_CACHE_URI, chain_cf_gen,
+		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_CACHE_URI, chain_cf_gen,
 		"( OLcfgOvAt:3.2 NAME 'olcCacheURIs' "
 			"DESC 'Enables caching of URIs not present in configuration' "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
@@ -999,7 +999,7 @@ chain_cf_gen( ConfigArgs *c )
 	if ( c->op == SLAP_CONFIG_EMIT ) {
 		switch( c->type ) {
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-		case PC_CHAINING: {
+		case CH_CHAINING: {
 			struct berval	resolve = BER_BVNULL,
 					continuation = BER_BVNULL;
 
@@ -1030,7 +1030,7 @@ chain_cf_gen( ConfigArgs *c )
 		}
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 
-		case PC_CACHE_URI:
+		case CH_CACHE_URI:
 			c->value_int = LDAP_CHAIN_CACHE_URI( lc );
 			break;
 
@@ -1042,10 +1042,10 @@ chain_cf_gen( ConfigArgs *c )
 
 	} else if ( c->op == LDAP_MOD_DELETE ) {
 		switch( c->type ) {
-		case PC_CHAINING:
+		case CH_CHAINING:
 			return 1;
 
-		case PC_CACHE_URI:
+		case CH_CACHE_URI:
 			lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
 			break;
 
@@ -1057,7 +1057,7 @@ chain_cf_gen( ConfigArgs *c )
 
 	switch( c->type ) {
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-	case PC_CHAINING: {
+	case CH_CHAINING: {
 		char			**argv = c->argv;
 		int			argc = c->argc;
 		BerElementBuffer	berbuf;
@@ -1172,7 +1172,7 @@ chain_cf_gen( ConfigArgs *c )
 	}
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 
-	case PC_CACHE_URI:
+	case CH_CACHE_URI:
 		if ( c->value_int ) {
 			lc->lc_flags |= LDAP_CHAIN_F_CACHE_URI;
 		} else {
@@ -1621,7 +1621,8 @@ chain_init( void )
 {
 	int	rc;
 
-	assert( PC_LAST <= ARGS_USERLAND );
+	/* Make sure we don't exceed the bits reserved for userland */
+	config_check_userland( CH_LAST );
 
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
 	rc = register_supported_control( LDAP_CONTROL_X_CHAINING_BEHAVIOR,
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index eb1c157851..b7e3ecedf8 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -60,7 +60,9 @@ enum {
 	LDAP_BACK_CFG_T_F,
 	LDAP_BACK_CFG_WHOAMI,
 	LDAP_BACK_CFG_TIMEOUT,
-	LDAP_BACK_CFG_REWRITE
+	LDAP_BACK_CFG_REWRITE,
+
+	LDAP_BACK_CFG_LAST
 };
 
 static ConfigTable ldapcfg[] = {
@@ -1132,6 +1134,9 @@ ldap_back_init_cf( BackendInfo *bi )
 	AttributeDescription	*ad = NULL;
 	const char		*text;
 
+	/* Make sure we don't exceed the bits reserved for userland */
+	config_check_userland( LDAP_BACK_CFG_LAST );
+
 	bi->bi_cf_ocs = ldapocs;
 
 	rc = config_register_schema( ldapcfg, ldapocs );
diff --git a/servers/slapd/config.h b/servers/slapd/config.h
index 3dc2592803..a1ca2208ec 100644
--- a/servers/slapd/config.h
+++ b/servers/slapd/config.h
@@ -14,6 +14,9 @@
  * <http://www.OpenLDAP.org/license.html>.
  */
 
+#ifndef CONFIG_H
+#define CONFIG_H
+
 typedef struct ConfigTable {
 	char *name;
 	char *what;
@@ -169,3 +172,9 @@ int read_config_file(const char *fname, int depth, ConfigArgs *cf,
 ConfigTable * config_find_keyword(ConfigTable *ct, ConfigArgs *c);
 Entry * config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
 	ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra );
+
+	/* Make sure we don't exceed the bits reserved for userland */
+#define	config_check_userland(last) \
+	assert( ( ( (last) - 1 ) & ARGS_USERLAND ) == ( (last) - 1 ) );
+
+#endif /* CONFIG_H */
-- 
2.39.5