[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-commits
Subject: [389-commits] Branch 'Directory_Server_8_2_Branch' - 2 commits -
From: Noriko Hosoi <nhosoi () fedoraproject ! org>
Date: 2010-04-27 17:49:50
Message-ID: 20100427174950.6FC5E12095A () lists ! fedorahosted ! org
[Download RAW message or body]
ldap/servers/plugins/acl/acllas.c | 4 ++--
ldap/servers/plugins/acl/aclparse.c | 26 +++++++++++++++++++++++++-
2 files changed, 27 insertions(+), 3 deletions(-)
New commits:
commit ac26aed350efff609b721dd9d8fb0082ccdb4555
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Apr 27 10:31:49 2010 -0700
585905 - ACL with targattrfilters error crashes the server
https://bugzilla.redhat.com/show_bug.cgi?id=585905
Bug Description:
targattrfilters takes this format of value:
(targattrfilters="add=attr1:F1 && attr2:F2... &&
attrn:Fn,del=attr1:F1 && attr2:F2 ... && attrn:Fn")
The ACL plugin code had blindly expected the value contains
the operator "add" or "del" and '=' to concatenate the
attribute and filter pair. The plugin should have checked
the possibility that the value does not follow the format.
Fix Description:
If '=' is not included in the targattrfilters value, the
ACL parser returns ACL_SYNTAX_ERR. Also, adding a check
code for the returned pointer from strchr and strstr.
diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
index 0c8d0fa..80fcfa0 100644
--- a/ldap/servers/plugins/acl/aclparse.c
+++ b/ldap/servers/plugins/acl/aclparse.c
@@ -291,6 +291,9 @@ __aclp__parse_aci (char *str, aci_t *aci_item)
}
tmpstr = strchr(str, '=');
+ if (NULL == tmpstr) {
+ return ACL_SYNTAX_ERR;
+ }
tmpstr++;
__acl_strip_leading_space(&tmpstr);
@@ -777,6 +780,9 @@ normalize_nextACERule:
}
} else if ( 0 == strncmp ( s, DS_LAS_USERDN, 6)) {
p = strstr ( s, "=");
+ if (NULL == p) {
+ goto error;
+ }
p--;
if ( strncmp (p, "!=", 2) == 0)
aci_item->aci_type |= ACI_CONTAIN_NOT_USERDN;
@@ -840,6 +846,9 @@ normalize_nextACERule:
} else if ( 0 == strncmp ( s, DS_LAS_GROUPDN, 7)) {
p = strstr ( s, "=");
+ if (NULL == p) {
+ goto error;
+ }
p--;
if ( strncmp (p, "!=", 2) == 0)
aci_item->aci_type |= ACI_CONTAIN_NOT_GROUPDN;
@@ -860,6 +869,9 @@ normalize_nextACERule:
} else if ( 0 == strncmp ( s, DS_LAS_ROLEDN, 6)) {
p = strstr ( s, "=");
+ if (NULL == p) {
+ goto error;
+ }
p--;
if ( strncmp (p, "!=", 2) == 0)
aci_item->aci_type |= ACI_CONTAIN_NOT_ROLEDN;
@@ -1270,6 +1282,9 @@ __aclp__init_targetattr (aci_t *aci, char *attr_val)
Targetattr *attr = NULL;
s = strchr (attr_val, '=');
+ if (NULL == s) {
+ return ACL_SYNTAX_ERR;
+ }
s++;
__acl_strip_leading_space(&s);
__acl_strip_trailing_space(s);
@@ -1695,6 +1710,9 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) {
/* First, skip the "targetattrfilters" */
s = strchr (input_str, '=');
+ if (NULL == s) {
+ return ACL_SYNTAX_ERR;
+ }
s++; /* skip the = */
__acl_strip_leading_space(&s); /* skip to next significant character */
__acl_strip_trailing_space(s);
@@ -1720,6 +1738,9 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) {
*/
s = strchr (str, '=');
+ if (NULL == s) {
+ return ACL_SYNTAX_ERR;
+ }
*s = '\0';
s++; /* skip the = */
__acl_strip_leading_space(&s); /* start of the first filter list */
@@ -1769,7 +1790,10 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) {
if (str != NULL ){
__acl_strip_leading_space(&str);
- s = strchr (str, '=');
+ s = strchr (str, '=');
+ if (NULL == s) {
+ return ACL_SYNTAX_ERR;
+ }
*s = '\0';
s++;
__acl_strip_trailing_space(str);
commit c7fdf24cf58e7da5f5c297657e9e39ad1e72bbf4
Author: Rich Megginson <rmeggins@redhat.com>
Date: Mon Apr 26 19:53:15 2010 -0600
Fix too few args for format warning in acllas
Removed unused format arguments from format string
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index 9fbd25b..12cefaf 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -3545,7 +3545,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
prefix_len = LDAPS_URL_prefix_len;
} else {
slapi_log_error (SLAPI_LOG_ACL, plugin_name,
- "acllas__client_match_URL: url %s does not include ldap prefix: %s\n", url);
+ "acllas__client_match_URL: url %s does not have a recognized ldap protocol prefix\n", url);
return ACL_FALSE;
}
rawdn = url + prefix_len; /* ldap(s)://host:port/... or ldap(s):///... */
@@ -3560,7 +3560,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
size_t hostport_len = 0;
if (NULL == rawdn) {
slapi_log_error (SLAPI_LOG_ACL, plugin_name,
- "acllas__client_match_URL: url %s does not include correct ldap prefix: %s\n", url);
+ "acllas__client_match_URL: url %s does not have a valid ldap protocol prefix\n", url);
return ACL_FALSE;
}
hostport_len = ++rawdn - tmpp; /* ldap(s)://host:port/... */
--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic