ITS#7497 fix lineno overflow in ldif_read_record()

7d34195e · Quanah Gibson-Mount · fc3695a6 · 7d34195e · 7d34195e · 7d34195e
Commit 7d34195e authored Jan 26, 2013 by Quanah Gibson-Mount
--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
@@ -97,7 +97,7 @@ static struct berval BV_NEWSUP = BER_BVC("newsuperior");
 #define	BV_CASEMATCH(a, b) \
 	((a)->bv_len == (b)->bv_len && 0 == strcasecmp((a)->bv_val, (b)->bv_val))

-static int process_ldif_rec LDAP_P(( char *rbuf, int lineno ));
+static int process_ldif_rec LDAP_P(( char *rbuf, unsigned long lineno ));
 static int parse_ldif_control LDAP_P(( struct berval *val, LDAPControl ***pctrls ));
 static int domodify LDAP_P((
 	const char *dn,
@@ -245,8 +245,8 @@ main( int argc, char **argv )
 	char		*matched_msg, *error_msg;
 	int		rc, retval, ldifrc;
 	int		len;
-	int		i = 0;
-	int		lineno, nextline = 0, lmax = 0;
+	int		i = 0, lmax = 0;
+	unsigned long	lineno, nextline = 0;
 	LDAPControl	c[1];

 	prog = lutil_progname( "ldapmodify", argc, argv );
@@ -402,7 +402,7 @@ fail:;


 static int
-process_ldif_rec( char *rbuf, int linenum )
+process_ldif_rec( char *rbuf, unsigned long linenum )
 {
 	char	*line, *dn, *newrdn, *newsup;
 	int		rc, modop;
@@ -452,7 +452,7 @@ process_ldif_rec( char *rbuf, int linenum )
 		}
 	
 		if ( ( rc = ldif_parse_line2( line, btype+i, vals+i, &freev ) ) < 0 ) {
-			fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"),
+			fprintf( stderr, _("%s: invalid format (line %lu) entry: \"%s\"\n"),
 				prog, linenum+i, dn == NULL ? "" : dn );
 			rc = LDAP_PARAM_ERROR;
 			goto leave;
@@ -464,7 +464,7 @@ process_ldif_rec( char *rbuf, int linenum )
 				int	v;
 				if( vals[i].bv_len == 0 || lutil_atoi( &v, vals[i].bv_val) != 0 || v != 1 ) {
 					fprintf( stderr,
-						_("%s: invalid version %s, line %d (ignored)\n"),
+						_("%s: invalid version %s, line %lu (ignored)\n"),
 						prog, vals[i].bv_val, linenum );
 				}
 				version++;
@@ -502,14 +502,14 @@ process_ldif_rec( char *rbuf, int linenum )
 		rc = parse_ldif_control( vals+i, &pctrls );
 		if (rc != 0) {
 			fprintf( stderr,
-				_("%s: Error processing %s line, line %d: %s\n"),
+				_("%s: Error processing %s line, line %lu: %s\n"),
 				prog, BV_CONTROL.bv_val, linenum+i, ldap_err2string(rc) );
 		}
 		i++;
 		if ( i>= lines ) {
 short_input:
 			fprintf( stderr,
-				_("%s: Expecting more input after %s line, line %d\n"),
+				_("%s: Expecting more input after %s line, line %lu\n"),
 				prog, btype[i-1].bv_val, linenum+i );
 			
 			rc = LDAP_PARAM_ERROR;
@@ -530,7 +530,7 @@ short_input:

 		if ( ++icnt != vals[i].bv_len ) {
 			fprintf( stderr, _("%s: illegal trailing space after"
-				" \"%s: %s\" trimmed (line %d, entry \"%s\")\n"),
+				" \"%s: %s\" trimmed (line %lu, entry \"%s\")\n"),
 				prog, BV_CHANGETYPE.bv_val, vals[i].bv_val, linenum+i, dn );
 			vals[i].bv_val[icnt] = '\0';
 		}
@@ -551,7 +551,7 @@ short_input:
 				goto short_input;
 			if ( !BV_CASEMATCH( btype+i, &BV_NEWRDN )) {
 				fprintf( stderr, _("%s: expecting \"%s:\" but saw"
-					" \"%s:\" (line %d, entry \"%s\")\n"),
+					" \"%s:\" (line %lu, entry \"%s\")\n"),
 					prog, BV_NEWRDN.bv_val, btype[i].bv_val, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -562,7 +562,7 @@ short_input:
 				goto short_input;
 			if ( !BV_CASEMATCH( btype+i, &BV_DELETEOLDRDN )) {
 				fprintf( stderr, _("%s: expecting \"%s:\" but saw"
-					" \"%s:\" (line %d, entry \"%s\")\n"),
+					" \"%s:\" (line %lu, entry \"%s\")\n"),
 					prog, BV_DELETEOLDRDN.bv_val, btype[i].bv_val, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -572,7 +572,7 @@ short_input:
 			if ( i < lines ) {
 				if ( !BV_CASEMATCH( btype+i, &BV_NEWSUP )) {
 					fprintf( stderr, _("%s: expecting \"%s:\" but saw"
-						" \"%s:\" (line %d, entry \"%s\")\n"),
+						" \"%s:\" (line %lu, entry \"%s\")\n"),
 						prog, BV_NEWSUP.bv_val, btype[i].bv_val, linenum+i, dn );
 					rc = LDAP_PARAM_ERROR;
 					goto leave;
@@ -585,7 +585,7 @@ short_input:
 			got_all = delete_entry = 1;
 		} else {
 			fprintf( stderr,
-				_("%s:  unknown %s \"%s\" (line %d, entry \"%s\")\n"),
+				_("%s:  unknown %s \"%s\" (line %lu, entry \"%s\")\n"),
 				prog, BV_CHANGETYPE.bv_val, vals[i].bv_val, linenum+i, dn );
 			rc = LDAP_PARAM_ERROR;
 			goto leave;
@@ -601,7 +601,7 @@ short_input:
 	if ( got_all ) {
 		if ( i < lines ) {
 			fprintf( stderr,
-				_("%s: extra lines at end (line %d, entry \"%s\")\n"),
+				_("%s: extra lines at end (line %lu, entry \"%s\")\n"),
 				prog, linenum+i, dn );
 			rc = LDAP_PARAM_ERROR;
 			goto leave;
@@ -620,7 +620,7 @@ short_input:
 			for (j=i+1; j<lines; j++) {
 				if ( !btype[j].bv_val ) {
 					fprintf( stderr,
-						_("%s: missing attributeDescription (line %d, entry \"%s\")\n"),
+						_("%s: missing attributeDescription (line %lu, entry \"%s\")\n"),
 						prog, linenum+j, dn );
 					rc = LDAP_PARAM_ERROR;
 					goto leave;
@@ -662,7 +662,7 @@ short_input:
 			if ( BV_CASEMATCH( btype+i, &BV_DN )) {
 				fprintf( stderr, _("%s: attributeDescription \"%s\":"
 					" (possible missing newline"
-						" after line %d, entry \"%s\"?)\n"),
+						" after line %lu, entry \"%s\"?)\n"),
 					prog, btype[i].bv_val, linenum+i - 1, dn );
 			}
 			if ( !BV_CASEMATCH( btype+i, &bv )) {
@@ -696,7 +696,7 @@ short_input:
    
 			if ( ++icnt != vals[i].bv_len ) {
 				fprintf( stderr, _("%s: illegal trailing space after"
-					" \"%s: %s\" trimmed (line %d, entry \"%s\")\n"),
+					" \"%s: %s\" trimmed (line %lu, entry \"%s\")\n"),
 					prog, type, vals[i].bv_val, linenum+i, dn );
 				vals[i].bv_val[icnt] = '\0';
 			}
@@ -727,7 +727,7 @@ short_input:
 				nmods--;
 			} else {	/* no modify op: invalid LDIF */
 				fprintf( stderr, _("%s: modify operation type is missing at"
-					" line %d, entry \"%s\"\n"),
+					" line %lu, entry \"%s\"\n"),
 					prog, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -741,7 +741,7 @@ short_input:
 		} else {
 			if ( !BV_CASEMATCH( btype+i, &bv )) {
 				fprintf( stderr, _("%s: wrong attributeType at"
-					" line %d, entry \"%s\"\n"),
+					" line %lu, entry \"%s\"\n"),
 					prog, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;

--- a/include/ldif.h
+++ b/include/ldif.h
@@ -105,7 +105,7 @@ ldif_close LDAP_P(( LDIFFP * ));
 LDAP_LDIF_F( int )
 ldif_read_record LDAP_P((
 	LDIFFP *fp,
-	int *lineno,
+	unsigned long *lineno,
 	char **bufp,
 	int *buflen ));


--- a/libraries/libldap/ldif.c
+++ b/libraries/libldap/ldif.c
@@ -814,7 +814,7 @@ ldif_close(
 int
 ldif_read_record(
 	LDIFFP      *lfp,
-	int         *lno,		/* ptr to line number counter              */
+	unsigned long *lno,		/* ptr to line number counter              */
 	char        **bufp,     /* ptr to malloced output buffer           */
 	int         *buflenp )  /* ptr to length of *bufp                  */
 {

--- a/servers/slapd/back-sql/config.c
+++ b/servers/slapd/back-sql/config.c
@@ -539,7 +539,8 @@ read_baseObject(
 {
 	backsql_info 	*bi = (backsql_info *)be->be_private;
 	LDIFFP		*fp;
-	int		rc = 0, lineno = 0, lmax = 0, ldifrc;
+	int		rc = 0, lmax = 0, ldifrc;
+	unsigned long	lineno = 0;
 	char		*buf = NULL;

 	assert( fname != NULL );
@@ -571,7 +572,7 @@ read_baseObject(

 		if( e == NULL ) {
 			fprintf( stderr, "back-sql baseObject: "
-					"could not parse entry (line=%d)\n",
+					"could not parse entry (line=%lu)\n",
 					lineno );
 			rc = LDAP_OTHER;
 			break;
@@ -581,7 +582,7 @@ read_baseObject(
 		if ( !be_issuffix( be, &e->e_nname ) ) {
 			fprintf( stderr,
 				"back-sql: invalid baseObject - "
-				"dn=\"%s\" (line=%d)\n",
+				"dn=\"%s\" (line=%lu)\n",
 				e->e_name.bv_val, lineno );
 			entry_free( e );
 			rc = LDAP_OTHER;

--- a/servers/slapd/root_dse.c
+++ b/servers/slapd/root_dse.c
@@ -401,7 +401,8 @@ int
 root_dse_read_file( const char *fname )
 {
 	struct LDIFFP	*fp;
-	int rc = 0, lineno = 0, lmax = 0, ldifrc;
+	int rc = 0, lmax = 0, ldifrc;
+	unsigned long lineno = 0;
 	char	*buf = NULL;

 	if ( (fp = ldif_open( fname, "r" )) == NULL ) {
@@ -427,7 +428,7 @@ root_dse_read_file( const char *fname )

 		if( e == NULL ) {
 			Debug( LDAP_DEBUG_ANY, "root_dse_read_file: "
-				"could not parse entry (file=\"%s\" line=%d)\n",
+				"could not parse entry (file=\"%s\" line=%lu)\n",
 				fname, lineno, 0 );
 			rc = LDAP_OTHER;
 			break;
@@ -437,7 +438,7 @@ root_dse_read_file( const char *fname )
 		if( e->e_nname.bv_len ) {
 			Debug( LDAP_DEBUG_ANY,
 				"root_dse_read_file: invalid rootDSE "
-				"- dn=\"%s\" (file=\"%s\" line=%d)\n",
+				"- dn=\"%s\" (file=\"%s\" line=%lu)\n",
 				e->e_dn, fname, lineno );
 			entry_free( e );
 			rc = LDAP_OTHER;

--- a/servers/slapd/slapadd.c
+++ b/servers/slapd/slapadd.c
@@ -44,14 +44,14 @@ static char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];

 typedef struct Erec {
 	Entry *e;
-	int lineno;
-	int nextline;
+	unsigned long lineno;
+	unsigned long nextline;
 } Erec;

 typedef struct Trec {
 	Entry *e;
-	int lineno;
-	int nextline;
+	unsigned long lineno;
+	unsigned long nextline;
 	int rc;
 	int ready;
 } Trec;
@@ -108,7 +108,7 @@ again:
 					 0);

 		if( e == NULL ) {
-			fprintf( stderr, "%s: could not parse entry (line=%d)\n",
+			fprintf( stderr, "%s: could not parse entry (line=%lu)\n",
 				progname, erec->lineno );
 			return -2;
 		}
@@ -117,7 +117,7 @@ again:
 		if( BER_BVISEMPTY( &e->e_nname ) &&
 			!BER_BVISEMPTY( be->be_nsuffix ))
 		{
-			fprintf( stderr, "%s: line %d: "
+			fprintf( stderr, "%s: line %lu: "
 				"cannot add entry with empty dn=\"%s\"",
 				progname, erec->lineno, e->e_dn );
 			bd = select_backend( &e->e_nname, nosubordinates );
@@ -144,7 +144,7 @@ again:
 		/* check backend */
 		bd = select_backend( &e->e_nname, nosubordinates );
 		if ( bd != be ) {
-			fprintf( stderr, "%s: line %d: "
+			fprintf( stderr, "%s: line %lu: "
 				"database #%d (%s) not configured to hold \"%s\"",
 				progname, erec->lineno,
 				dbnum,
@@ -432,7 +432,7 @@ slapadd( int argc, char **argv )
 			id = be->be_entry_put( be, erec.e, &bvtext );
 			if( id == NOID ) {
 				fprintf( stderr, "%s: could not add entry dn=\"%s\" "
-								 "(line=%d): %s\n", progname, erec.e->e_dn,
+								 "(line=%lu): %s\n", progname, erec.e->e_dn,
 								 erec.lineno, bvtext.bv_val );
 				rc = EXIT_FAILURE;
 				if( continuemode ) {

--- a/servers/slapd/slapcommon.c
+++ b/servers/slapd/slapcommon.c
@@ -452,7 +452,7 @@ slap_tool_init(
 			} break;

 		case 'j':	/* jump to linenumber */
-			if ( lutil_atoi( &jumpline, optarg ) ) {
+			if ( lutil_atoul( &jumpline, optarg ) ) {
 				usage( tool, progname );
 			}
 			break;

--- a/servers/slapd/slapcommon.h
+++ b/servers/slapd/slapcommon.h
@@ -42,7 +42,7 @@ typedef struct tool_vars {
 	int tv_continuemode;
 	int tv_nosubordinates;
 	int tv_dryrun;
-	int tv_jumpline;
+	unsigned long tv_jumpline;
 	struct berval tv_sub_ndn;
 	int tv_scope;
 	Filter *tv_filter;