......@@ -5,8 +5,9 @@ OpenLDAP 2.4.57 Engineering
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
......
......@@ -1248,12 +1248,20 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) {
if ( rdn_end > dn_end )
return LDAP_DECODING_ERROR;
tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len );
navas++;
}
}
/* Rewind and prepare to extract */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
if ( tag != LBER_SET )
return LDAP_DECODING_ERROR;
/* Allocate the DN/RDN/AVA stuff as a single block */
dnsize = sizeof(LDAPRDN) * (nrdns+1);
dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
......@@ -1265,16 +1273,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
} else {
newDN = (LDAPDN)(char *)ptrs;
}
newDN[nrdns] = NULL;
newRDN = (LDAPRDN)(newDN + nrdns+1);
newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
baseAVA = newAVA;
/* Rewind and start extracting */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
for ( i = nrdns - 1; i >= 0; i-- ) {
newDN[i] = newRDN;
......@@ -1368,6 +1372,10 @@ allocd:
/* X.690 bitString value converted to RFC4517 Bit String */
rc = der_to_ldap_BitString( &Val, &newAVA->la_value );
goto allocd;
case LBER_DEFAULT:
/* decode error */
rc = LDAP_DECODING_ERROR;
goto nomem;
default:
/* Not a string type at all */
newAVA->la_flags = 0;
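Review bot: The new `if ( rdn_end > dn_end )` guard in the counting pass sits inside the inner AVA loop, so it runs only when the RDN's first element is a SEQUENCE; an RDN whose SET claims to extend past `dn_end` but holds no SEQUENCE is still counted in `nrdns` without being bounds-checked. Both pointers are fixed for the whole inner loop, so the test could run once per RDN by hoisting the initialiser, `tag = ber_first_element( ber, &len, &rdn_end );` followed by `if ( rdn_end > dn_end ) return LDAP_DECODING_ERROR;`, ahead of a `for` with an empty init clause. Separately, the added `if ( tag != LBER_SET )` after the rewind looks like it would also reject a DN with zero RDNs, if `ber_first_element` reports an empty sequence as something other than LBER_SET; it is worth confirming that an empty name is meant to fail here. The function begins and continues outside these hunks, so whether the extraction loop repeats the bound check cannot be seen from this page.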
......
......@@ -4302,7 +4302,7 @@ serialNumberAndIssuerSerialCheck(
if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
/* no old format */
if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
x.bv_val++;
x.bv_len -= 2;
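Review bot: The comment `/* no old format */` above the corrected test does not say what is being enforced, which makes an operator slip like the `&&` form easy to miss: with it, a value carrying only one of the two braces was accepted, and the following `x.bv_val++; x.bv_len -= 2;` stripped both end bytes regardless. I would reword it to `/* no old format: value must begin with '{' and end with '}' */`. The CHANGES entry files ITS#9424 under serialNumberAndIssuerCheck while this hunk header names serialNumberAndIssuerSerialCheck, so any sibling validators with the same brace test (not visible here) should be checked for the `&&` form too. A regression test with a one-sided brace would pin the fix. The function body starts and ends outside the hunk.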
......