Commit 6ae9bf16 authored by Howard Chu's avatar Howard Chu
Browse files

ITS#9014 fix component match parsing errors

parent e394bcfa
...@@ -347,7 +347,7 @@ get_comp_filter( Operation* op, struct berval* bv, ...@@ -347,7 +347,7 @@ get_comp_filter( Operation* op, struct berval* bv,
return rc; return rc;
} }
rc = parse_comp_filter( op, &cav, filt, text ); rc = parse_comp_filter( op, &cav, filt, text );
bv->bv_val = cav.cav_ptr; /* bv->bv_val = cav.cav_ptr; */
return rc; return rc;
} }
...@@ -1067,7 +1067,7 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, ...@@ -1067,7 +1067,7 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
*/ */
ber_tag_t tag; ber_tag_t tag;
int err; int err = LDAP_SUCCESS;
ComponentFilter f; ComponentFilter f;
/* TAG : item, and, or, not in RFC 4515 */ /* TAG : item, and, or, not in RFC 4515 */
tag = strip_cav_tag( cav ); tag = strip_cav_tag( cav );
...@@ -1077,10 +1077,11 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, ...@@ -1077,10 +1077,11 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
return LDAP_PROTOCOL_ERROR; return LDAP_PROTOCOL_ERROR;
} }
if ( tag != LDAP_COMP_FILTER_NOT ) if ( tag != LDAP_COMP_FILTER_NOT ) {
strip_cav_str( cav, "{"); err = strip_cav_str( cav, "{");
if ( err )
err = LDAP_SUCCESS; goto invalid;
}
f.cf_next = NULL; f.cf_next = NULL;
f.cf_choice = tag; f.cf_choice = tag;
...@@ -1154,13 +1155,14 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav, ...@@ -1154,13 +1155,14 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
break; break;
} }
invalid:
if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) { if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
*text = "Component Filter Syntax Error"; *text = "Component Filter Syntax Error";
return err; return err;
} }
if ( tag != LDAP_COMP_FILTER_NOT ) if ( tag != LDAP_COMP_FILTER_NOT )
strip_cav_str( cav, "}"); err = strip_cav_str( cav, "}");
if ( err == LDAP_SUCCESS ) { if ( err == LDAP_SUCCESS ) {
if ( op ) { if ( op ) {
......
...@@ -327,6 +327,9 @@ certificateValidate( Syntax *syntax, struct berval *in ) ...@@ -327,6 +327,9 @@ certificateValidate( Syntax *syntax, struct berval *in )
ber_len_t len; ber_len_t len;
ber_int_t version = SLAP_X509_V1; ber_int_t version = SLAP_X509_V1;
if ( BER_BVISNULL( in ) || BER_BVISEMPTY( in ))
return LDAP_INVALID_SYNTAX;
ber_init2( ber, in, LBER_USE_DER ); ber_init2( ber, in, LBER_USE_DER );
tag = ber_skip_tag( ber, &len ); /* Signed wrapper */ tag = ber_skip_tag( ber, &len ); /* Signed wrapper */
if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment