Skip to content
GitLab
Commits (6)
Show whitespace changes
Inline Side-by-side
CHANGES
View file @ 7c29f6a5
...@@ -5,8 +5,9 @@ OpenLDAP 2.4.57 Engineering ...@@ -5,8 +5,9 @@ OpenLDAP 2.4.57 Engineering
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
......
libraries/libldap/tls2.c
View file @ 7c29f6a5
...@@ -1248,12 +1248,20 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, ...@@ -1248,12 +1248,20 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
for ( tag = ber_first_element( ber, &len, &rdn_end ); for ( tag = ber_first_element( ber, &len, &rdn_end );
tag == LBER_SEQUENCE; tag == LBER_SEQUENCE;
tag = ber_next_element( ber, &len, rdn_end )) { tag = ber_next_element( ber, &len, rdn_end )) {
if ( rdn_end > dn_end )
return LDAP_DECODING_ERROR;
tag = ber_skip_tag( ber, &len ); tag = ber_skip_tag( ber, &len );
ber_skip_data( ber, len ); ber_skip_data( ber, len );
navas++; navas++;
} }
} }
/* Rewind and prepare to extract */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
if ( tag != LBER_SET )
return LDAP_DECODING_ERROR;
/* Allocate the DN/RDN/AVA stuff as a single block */ /* Allocate the DN/RDN/AVA stuff as a single block */
dnsize = sizeof(LDAPRDN) * (nrdns+1); dnsize = sizeof(LDAPRDN) * (nrdns+1);
dnsize += sizeof(LDAPAVA *) * (navas+nrdns); dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
...@@ -1271,10 +1279,6 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, ...@@ -1271,10 +1279,6 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
newAVA = (LDAPAVA *)(newRDN + navas + nrdns); newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
baseAVA = newAVA; baseAVA = newAVA;
/* Rewind and start extracting */
ber_rewind( ber );
tag = ber_first_element( ber, &len, &dn_end );
for ( i = nrdns - 1; i >= 0; i-- ) { for ( i = nrdns - 1; i >= 0; i-- ) {
newDN[i] = newRDN; newDN[i] = newRDN;
...@@ -1368,6 +1372,10 @@ allocd: ...@@ -1368,6 +1372,10 @@ allocd:
/* X.690 bitString value converted to RFC4517 Bit String */ /* X.690 bitString value converted to RFC4517 Bit String */
rc = der_to_ldap_BitString( &Val, &newAVA->la_value ); rc = der_to_ldap_BitString( &Val, &newAVA->la_value );
goto allocd; goto allocd;
case LBER_DEFAULT:
/* decode error */
rc = LDAP_DECODING_ERROR;
goto nomem;
default: default:
/* Not a string type at all */ /* Not a string type at all */
newAVA->la_flags = 0; newAVA->la_flags = 0;
......
servers/slapd/schema_init.c
View file @ 7c29f6a5
...@@ -4302,7 +4302,7 @@ serialNumberAndIssuerSerialCheck( ...@@ -4302,7 +4302,7 @@ serialNumberAndIssuerSerialCheck(
if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
/* no old format */ /* no old format */
if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX; if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
x.bv_val++; x.bv_val++;
x.bv_len -= 2; x.bv_len -= 2;
......