Commit 65f273ba authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Fixed SASL interactive free bug (ITS#2423)

Fixed liblber multi-value decode bug (ITS#2458)
Fixed liblber over read bug (ITS#2465)
parent 299a5230
......@@ -8,7 +8,10 @@ OpenLDAP 2.1.18 Engineering
Fixed slapd ACL group DN crash (ITS#2467)
Fixed slapd substring normalization bug (ITS#2468)
Fixed back-bdb search filter empty value bug (ITS#2453)
Fixed ldappasswd -y support
Fixed SASL interactive free bug (ITS#2423)
Fixed liblber multi-value decode bug (ITS#2458)
Fixed liblber over read bug (ITS#2465)
Fixed ldappasswd -y support (ITS#2441)
OpenLDAP 2.1.17 Release
Fixed libldap_r thread pool context bug (ITS#2404)
......
......@@ -670,6 +670,7 @@ tool_bind( LDAP *ld )
sasl_mech, NULL, NULL,
sasl_flags, lutil_sasl_interact, defaults );
lutil_sasl_freedefs( defaults );
if( rc != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_sasl_interactive_bind_s" );
exit( EXIT_FAILURE );
......
......@@ -324,6 +324,7 @@ ber_get_stringbvl( bgbvr *b, ber_len_t *rlen )
{
if (ber_skip_tag( b->ber, &len ) == LBER_DEFAULT) break;
b->ber->ber_ptr += len;
b->ber->ber_tag = *(unsigned char *)b->ber->ber_ptr;
}
}
......
......@@ -510,13 +510,13 @@ ber_get_next(
}
while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
(char *)&ber->ber_len + LENSIZE*2) {
(char *)&ber->ber_len + LENSIZE*2 -1) {
ber_slen_t sblen;
char buf[sizeof(ber->ber_len)-1];
ber_len_t tlen = 0;
sblen=ber_int_sb_read( sb, ber->ber_rwptr,
((char *)&ber->ber_len + LENSIZE*2)-ber->ber_rwptr);
((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
if (sblen<=0) return LBER_DEFAULT;
ber->ber_rwptr += sblen;
......@@ -527,10 +527,10 @@ ber_get_next(
tag = *p++;
if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) {
ber_len_t i;
for (i=1; (char *)p<ber->ber_rwptr; i++,p++) {
for (i=1; (char *)p<ber->ber_rwptr; i++) {
tag <<= 8;
tag |= *p;
if (!(*p & LBER_MORE_TAG_MASK))
tag |= *p++;
if (!(tag & LBER_MORE_TAG_MASK))
break;
/* Is the tag too big? */
if (i == sizeof(ber_tag_t)-1) {
......@@ -542,7 +542,6 @@ ber_get_next(
if ((char *)p == ber->ber_rwptr) {
return LBER_DEFAULT;
}
p++;
}
ber->ber_tag = tag;
ber->ber_ptr = (char *)p;
......
......@@ -529,7 +529,6 @@ ldap_int_sasl_bind(
sasl_ssf_t *ssf = NULL;
sasl_conn_t *ctx;
sasl_interact_t *prompts = NULL;
const void *promptresult = NULL;
unsigned credlen;
struct berval ccred;
ber_socket_t sd;
......@@ -590,9 +589,6 @@ ldap_int_sasl_bind(
&credlen,
&mech );
/* Cyrus SASL library doesn't initialize the prompt result pointer */
if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
if( pmech == NULL && mech != NULL ) {
pmech = mech;
......@@ -608,11 +604,6 @@ ldap_int_sasl_bind(
if( !interact ) break;
res = (interact)( ld, flags, defaults, prompts );
/* keep a pointer to the prompt result so we can free it
* after Cyrus SASL has consumed the prompts.
*/
promptresult = prompts->result;
if( res != LDAP_SUCCESS ) break;
}
} while ( saslrc == SASL_INTERACT );
......@@ -688,9 +679,6 @@ ldap_int_sasl_bind(
(SASL_CONST char **)&ccred.bv_val,
&credlen );
/* SASL library doesn't initialize the prompt result pointer */
if( promptresult == NULL && prompts != NULL ) prompts->result = NULL;
#ifdef NEW_LOGGING
LDAP_LOG ( TRANSPORT, DETAIL1,
"ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 );
......@@ -703,12 +691,6 @@ ldap_int_sasl_bind(
int res;
if( !interact ) break;
res = (interact)( ld, flags, defaults, prompts );
/* keep a pointer to the prompt result so we can free it
* after Cyrus SASL has consumed the prompts.
*/
promptresult = prompts->result;
if( res != LDAP_SUCCESS ) break;
}
} while ( saslrc == SASL_INTERACT );
......@@ -768,8 +750,6 @@ ldap_int_sasl_bind(
}
done:
/* free the last prompt result */
LDAP_FREE((void*)promptresult);
return rc;
}
......
......@@ -29,9 +29,27 @@ typedef struct lutil_sasl_defaults_s {
char *authcid;
char *passwd;
char *authzid;
char **resps;
int nresps;
} lutilSASLdefaults;
void
lutil_sasl_freedefs(
void *defaults )
{
lutilSASLdefaults *defs = defaults;
if (defs->mech) ber_memfree(defs->mech);
if (defs->realm) ber_memfree(defs->realm);
if (defs->authcid) ber_memfree(defs->authcid);
if (defs->passwd) ber_memfree(defs->passwd);
if (defs->authzid) ber_memfree(defs->authzid);
if (defs->resps) ldap_charray_free(defs->resps);
ber_memfree(defs);
}
void *
lutil_sasl_defaults(
LDAP *ld,
......@@ -47,11 +65,11 @@ lutil_sasl_defaults(
if( defaults == NULL ) return NULL;
defaults->mech = mech;
defaults->realm = realm;
defaults->authcid = authcid;
defaults->passwd = passwd;
defaults->authzid = authzid;
defaults->mech = mech ? ber_strdup(mech) : NULL;
defaults->realm = realm ? ber_strdup(realm) : NULL;
defaults->authcid = authcid ? ber_strdup(authcid) : NULL;
defaults->passwd = passwd ? ber_strdup(passwd) : NULL;
defaults->authzid = authzid ? ber_strdup(authzid) : NULL;
if( defaults->mech == NULL ) {
ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech );
......@@ -65,6 +83,8 @@ lutil_sasl_defaults(
if( defaults->authzid == NULL ) {
ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid );
}
defaults->resps = NULL;
defaults->nresps = 0;
return defaults;
}
......@@ -160,7 +180,8 @@ static int interaction(
if( interact->len > 0 ) {
/* duplicate */
char *p = (char *)interact->result;
interact->result = strdup( p );
ldap_charray_add(&defaults->resps, interact->result);
interact->result = defaults->resps[defaults->nresps++];
/* zap */
memset( p, '\0', interact->len );
......@@ -168,15 +189,8 @@ static int interaction(
} else {
use_default:
/* input must be empty */
interact->result = strdup( (dflt && *dflt) ? dflt : "" );
interact->len = interact->result
? strlen( interact->result ) : 0;
}
if( defaults && defaults->passwd && interact->id == SASL_CB_PASS ) {
/* zap password after first use */
memset( defaults->passwd, '\0', strlen(defaults->passwd) );
defaults->passwd = NULL;
interact->result = (dflt && *dflt) ? dflt : "";
interact->len = strlen( interact->result );
}
return LDAP_SUCCESS;
......@@ -190,12 +204,6 @@ int lutil_sasl_interact(
{
sasl_interact_t *interact = in;
if( interact->result ) {
/* we have results from a previous interaction */
free( (void *)interact->result );
interact->result = NULL;
}
if( ld == NULL ) return LDAP_PARAM_ERROR;
if( flags == LDAP_SASL_INTERACTIVE ) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment