From b641615c53c93d7e8482b31dc51297c664650b3a Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Fri, 15 Sep 2000 01:16:09 +0000
Subject: [PATCH] Keep ldap_first/next_attribute from running past end of attributes. Likely other sequences need this attention.
---
 libraries/libldap/getattr.c | 79 ++++++++++++++++++++++++++++---------
 1 file changed, 60 insertions(+), 19 deletions(-)
diff --git a/libraries/libldap/getattr.c b/libraries/libldap/getattr.c
index 79fe0a4ad0..9b4f2fe06c 100644
--- a/libraries/libldap/getattr.c
+++ b/libraries/libldap/getattr.c
@@ -22,46 +22,76 @@
 #include "ldap-int.h"
 char *
-ldap_first_attribute( LDAP *ld, LDAPMessage *entry, BerElement **ber )
+ldap_first_attribute( LDAP *ld, LDAPMessage *entry, BerElement **berout )
 {
+ ber_tag_t rc;
+ ber_len_t len;
 char *attr;
+ BerElement *ber;
 Debug( LDAP_DEBUG_TRACE, "ldap_first_attribute\n", 0, 0, 0 );
 assert( ld != NULL );
 assert( LDAP_VALID( ld ) );
 assert( entry != NULL );
- assert( ber != NULL );
+ assert( berout != NULL );
- if ( (*ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
- *ber = NULL;
- return( NULL );
+ ber = ldap_alloc_ber_with_options( ld );
+ if( ber == NULL ) {
+ return NULL;
 }
- **ber = *entry->lm_ber;
+ *ber = *entry->lm_ber;
 /*
- * Skip past the sequence, dn, sequence of sequence, snarf the
- * attribute type, and skip the set of values, leaving us
- * positioned right before the next attribute type/value sequence.
+ * Skip past the sequence, dn, sequence of sequence leaving
+ * us at the first attribute.
 */
- if ( ber_scanf( *ber, "{x{{ax}" /*}}*/, &attr )
- == LBER_ERROR ) {
+ rc = ber_scanf( ber, "{xl{" /*}}*/, &attr, &len );
+
+ if( rc == LBER_ERROR ) {
 ld->ld_errno = LDAP_DECODING_ERROR;
- ber_free( *ber, 0 );
- *ber = NULL;
- return( NULL );
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+#if 0
+ if( len == 0 ) {
+ return NULL;
+ }
+#endif
+
+ /* set the length to avoid overrun */
+ rc = ber_set_option( ber, LBER_OPT_REMAINING_BYTES, &len );
+
+ if( rc != LBER_OPT_SUCCESS ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
 }
- return( attr );
+ /* snatch the first attribute */
+ rc = ber_scanf( ber, "{ax}", &attr );
+ if( rc == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ ber_free( ber, 0 );
+ return NULL;
+ }
+
+ *berout = ber;
+ return attr;
 }
 /* ARGSUSED */
 char *
 ldap_next_attribute( LDAP *ld, LDAPMessage *entry, BerElement *ber )
 {
+ ber_tag_t rc;
 char *attr;
+#if 0
+ ber_len_t len;
+#endif
 Debug( LDAP_DEBUG_TRACE, "ldap_next_attribute\n", 0, 0, 0 );
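Review bot: The first `ber_scanf` call in ldap_first_attribute passes two pointers (`&attr, &len`) for the format `"{xl{"`, which as far as I know has only one storing conversion (`l`), so the length would be written through `&attr` and `len` would still be uninitialised when it reaches `ber_set_option( ber, LBER_OPT_REMAINING_BYTES, &len )`. If so, the bound this commit adds to keep decoding inside the attribute list is indeterminate. The call should read `rc = ber_scanf( ber, "{xl{" /*}}*/, &len );`. Separately, the error returns no longer store NULL in `*berout` as the removed code did for `*ber`, so a caller that frees the BerElement after a NULL return would be working with an unset pointer; `*berout = NULL;` right after the asserts restores the old contract.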
@@ -70,12 +100,23 @@ ldap_next_attribute( LDAP *ld, LDAPMessage *entry, BerElement *ber )
 assert( entry != NULL );
 assert( ber != NULL );
+#if 0
+ rc = ber_get_option( ber, LBER_OPT_REMAINING_BYTES, &len );
+ if( rc != LDAP_OPT_SUCCESS ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ return NULL;
+ }
+
+ /* we're done */
+ if( len == 0 ) return NULL;
+#endif
+
 /* skip sequence, snarf attribute type, skip values */
- if ( ber_scanf( ber, "{ax}", &attr )
- == LBER_ERROR ) {
+ rc = ber_scanf( ber, "{ax}", &attr );
+ if( rc == LBER_ERROR ) {
 ld->ld_errno = LDAP_DECODING_ERROR;
- return( NULL );
+ return NULL;
 }
- return( attr );
+ return attr;
 }
--
2.39.5
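Review bot: The end-of-attributes check is compiled out with `#if 0`, so after the last attribute the next call still runs `ber_scanf( ber, "{ax}", &attr )` and presumably reports the normal end of the list as `LDAP_DECODING_ERROR`, which callers cannot tell apart from a malformed entry. If the block is meant to be enabled later, note that it tests `rc != LDAP_OPT_SUCCESS` where the matching check in ldap_first_attribute uses `LBER_OPT_SUCCESS`; keep the liblber constant, `if( rc != LBER_OPT_SUCCESS ) {`. A one-line comment above the `#if 0` saying why the check is disabled would help the next reader. ldap_next_attribute begins before this hunk.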