lber hardening

34773a35 · Kurt Zeilenga · 961c3746 · 34773a35 · 34773a35 · 34773a35
Commit 34773a35 authored May 07, 2001 by Kurt Zeilenga
--- a/CHANGES
+++ b/CHANGES
@@ -7,9 +7,10 @@ Changes included in OpenLDAP 1.2.12 Engineering
 	Fixed ldapsearch uninitialized fp bug
 	Fixed Pth initialization bug
 	Fixed libldap/add mod_bvalues typo
-	Fixed ldappasswd crypt(3) crash (ITD#598)
+	Fixed ldappasswd crypt(3) crash (ITS#598)
 	Fixed slapd/config.c MAXARGS boundary condition bug
 	Fixed cn=monitor/config rdwr lock leak
+	Fixed liblber exception handling bugs
 	Build Environment
 		Remove extra Digital UNIX symbol (ITS#590)
 		Ignore make clean rm failure

--- a/libraries/liblber/decode.c
+++ b/libraries/liblber/decode.c
@@ -114,6 +114,12 @@ ber_skip_tag( BerElement *ber, unsigned long *len )
 		*len = lc;
 	}

+
+	/* BER element should have enough data left */
+	if( *len > ber->ber_end - ber->ber_ptr ) {
+		return LBER_DEFAULT;
+	}
+
 	return( tag );
 }

@@ -190,7 +196,8 @@ ber_get_stringb( BerElement *ber, char *buf, unsigned long *len )

 	if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT )
 		return( LBER_DEFAULT );
-	if ( datalen > (*len - 1) )
+
+	if ( datalen >= *len )
 		return( LBER_DEFAULT );

 	if ( (unsigned long) ber_read( ber, buf, datalen ) != datalen )

--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
@@ -541,12 +541,14 @@ ber_get_next( Sockbuf *sb, unsigned long *len, BerElement *ber )

 #if defined( DOS ) && !defined( _WIN32 )
 		if ( *len > 65535 ) {	/* DOS can't allocate > 64K */
+			errno = ERANGE;
 		    return( LBER_DEFAULT );
 		}
 #endif /* DOS && !_WIN32 */

 		if ( ( sb->sb_options & LBER_MAX_INCOMING_SIZE ) &&
 		    *len > (unsigned long) sb->sb_max_incoming ) {
+			errno = ERANGE;
 			return( LBER_DEFAULT );
 		}


--- a/tests/scripts/start-master
+++ b/tests/scripts/start-master
+#! /bin/sh
+
+if test $# -eq 0 ; then
+	SRCDIR="."
+else
+	SRCDIR=$1; shift
+fi
+if test $# -eq 1 ; then
+	BACKEND=$1; shift
+fi
+
+echo "running defines.sh $SRCDIR $BACKEND"
+
+. $SRCDIR/scripts/defines.sh
+
+echo "Datadir is $DATADIR"
+
+echo "Cleaning up in $DBDIR..."
+
+rm -f $DBDIR/[!C]*
+
+echo "Running ldif2ldbm to build slapd database..."
+$LDIF2LDBM -f $CONF -i $LDIF -e ../servers/slapd/tools
+RC=$?
+if test $RC != 0 ; then
+	echo "ldif2ldbm failed!"
+	exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT..."
+$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
+PID=$!
+
+echo "Using ldapsearch to retrieve all the entries..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -L -S "" -b "$BASEDN" -h localhost -p $PORT \
+		'objectClass=*' > $SEARCHOUT 2>&1
+	RC=$?
+	if test $RC = 1 ; then
+		echo "Waiting 5 seconds for slapd to start..."
+		sleep 5
+	fi
+done
+
+# kill -HUP $PID
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed!"
+	exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $SRCDIR/scripts/acfilter.sh < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $SRCDIR/scripts/acfilter.sh < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+cmp $SEARCHFLT $LDIFFLT
+
+if test $? != 0 ; then
+	echo "comparison failed - database was not created correctly"
+	exit 1
+fi
+
+echo ">>>>> Master (pid=$PID) started"
+
+
+exit 0