ldap/servers/plugins/acl/acllas.c | 4 ++-- ldap/servers/plugins/acl/aclparse.c | 26 +++++++++++++++++++++++++- 2 files changed, 27 insertions(+), 3 deletions(-)
New commits: commit ac26aed350efff609b721dd9d8fb0082ccdb4555 Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Apr 27 10:31:49 2010 -0700
585905 - ACL with targattrfilters error crashes the server
https://bugzilla.redhat.com/show_bug.cgi?id=585905
Bug Description: targattrfilters takes this format of value: (targattrfilters="add=attr1:F1 && attr2:F2... && attrn:Fn,del=attr1:F1 && attr2:F2 ... && attrn:Fn") The ACL plugin code had blindly expected the value contains the operator "add" or "del" and '=' to concatenate the attribute and filter pair. The plugin should have checked the possibility that the value does not follow the format.
Fix Description: If '=' is not included in the targattrfilters value, the ACL parser returns ACL_SYNTAX_ERR. Also, adding a check code for the returned pointer from strchr and strstr.
diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c index 0c8d0fa..80fcfa0 100644 --- a/ldap/servers/plugins/acl/aclparse.c +++ b/ldap/servers/plugins/acl/aclparse.c @@ -291,6 +291,9 @@ __aclp__parse_aci (char *str, aci_t *aci_item) }
tmpstr = strchr(str, '='); + if (NULL == tmpstr) { + return ACL_SYNTAX_ERR; + } tmpstr++; __acl_strip_leading_space(&tmpstr);
@@ -777,6 +780,9 @@ normalize_nextACERule: } } else if ( 0 == strncmp ( s, DS_LAS_USERDN, 6)) { p = strstr ( s, "="); + if (NULL == p) { + goto error; + } p--; if ( strncmp (p, "!=", 2) == 0) aci_item->aci_type |= ACI_CONTAIN_NOT_USERDN; @@ -840,6 +846,9 @@ normalize_nextACERule: } else if ( 0 == strncmp ( s, DS_LAS_GROUPDN, 7)) {
p = strstr ( s, "="); + if (NULL == p) { + goto error; + } p--; if ( strncmp (p, "!=", 2) == 0) aci_item->aci_type |= ACI_CONTAIN_NOT_GROUPDN; @@ -860,6 +869,9 @@ normalize_nextACERule: } else if ( 0 == strncmp ( s, DS_LAS_ROLEDN, 6)) {
p = strstr ( s, "="); + if (NULL == p) { + goto error; + } p--; if ( strncmp (p, "!=", 2) == 0) aci_item->aci_type |= ACI_CONTAIN_NOT_ROLEDN; @@ -1270,6 +1282,9 @@ __aclp__init_targetattr (aci_t *aci, char *attr_val) Targetattr *attr = NULL;
s = strchr (attr_val, '='); + if (NULL == s) { + return ACL_SYNTAX_ERR; + } s++; __acl_strip_leading_space(&s); __acl_strip_trailing_space(s); @@ -1695,6 +1710,9 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) { /* First, skip the "targetattrfilters" */
s = strchr (input_str, '='); + if (NULL == s) { + return ACL_SYNTAX_ERR; + } s++; /* skip the = */ __acl_strip_leading_space(&s); /* skip to next significant character */ __acl_strip_trailing_space(s); @@ -1720,6 +1738,9 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) { */
s = strchr (str, '='); + if (NULL == s) { + return ACL_SYNTAX_ERR; + } *s = '\0'; s++; /* skip the = */ __acl_strip_leading_space(&s); /* start of the first filter list */ @@ -1769,7 +1790,10 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) { if (str != NULL ){
__acl_strip_leading_space(&str); - s = strchr (str, '='); + s = strchr (str, '='); + if (NULL == s) { + return ACL_SYNTAX_ERR; + } *s = '\0'; s++; __acl_strip_trailing_space(str);
commit c7fdf24cf58e7da5f5c297657e9e39ad1e72bbf4 Author: Rich Megginson rmeggins@redhat.com Date: Mon Apr 26 19:53:15 2010 -0600
Fix too few args for format warning in acllas
Removed unused format arguments from format string
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c index 9fbd25b..12cefaf 100644 --- a/ldap/servers/plugins/acl/acllas.c +++ b/ldap/servers/plugins/acl/acllas.c @@ -3545,7 +3545,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url prefix_len = LDAPS_URL_prefix_len; } else { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "acllas__client_match_URL: url %s does not include ldap prefix: %s\n", url); + "acllas__client_match_URL: url %s does not have a recognized ldap protocol prefix\n", url); return ACL_FALSE; } rawdn = url + prefix_len; /* ldap(s)://host:port/... or ldap(s):///... */ @@ -3560,7 +3560,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url size_t hostport_len = 0; if (NULL == rawdn) { slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "acllas__client_match_URL: url %s does not include correct ldap prefix: %s\n", url); + "acllas__client_match_URL: url %s does not have a valid ldap protocol prefix\n", url); return ACL_FALSE; } hostport_len = ++rawdn - tmpp; /* ldap(s)://host:port/... */
389-commits@lists.fedoraproject.org