Mercurial > illumos > illumos-gate
changeset 13575:36d25dce128e
1668 ldap format string issues when merging search descriptors
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Michael Speer <michael.speer@pluribusnetworks.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
author | Richard Lowe <richlowe@richlowe.net> |
---|---|
date | Mon, 23 Jan 2012 17:49:47 -0500 |
parents | d0fde6cacaac |
children | fcde6b8bbfd2 |
files | usr/src/cmd/idmap/idmapd/nldaputils.c usr/src/cmd/ldap/ns_ldap/ldaplist.c usr/src/lib/libsldap/common/ns_getalias.c usr/src/lib/nsswitch/ldap/common/ldap_utils.c |
diffstat | 4 files changed, 74 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/cmd/idmap/idmapd/nldaputils.c Mon Jan 23 19:46:52 2012 -0800 +++ b/usr/src/cmd/idmap/idmapd/nldaputils.c Mon Jan 23 17:49:47 2012 -0500 @@ -21,6 +21,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. */ /* @@ -147,11 +148,28 @@ char **realfilter, const void *userdata) { int len; + char *checker; + if (realfilter == NULL) return (NS_LDAP_INVALID_PARAM); *realfilter = NULL; if (desc == NULL || desc->filter == NULL || userdata == NULL) return (NS_LDAP_INVALID_PARAM); + + /* Parameter check. We only want one %s here, otherwise bail. */ + len = 0; /* Reuse 'len' as "Number of %s hits"... */ + checker = (char *)userdata; + do { + checker = strchr(checker, '%'); + if (checker != NULL) { + if (len > 0 || *(checker + 1) != 's') + return (NS_LDAP_INVALID_PARAM); + len++; /* Got our %s. */ + checker += 2; + } else if (len != 1) + return (NS_LDAP_INVALID_PARAM); + } while (checker != NULL); + len = strlen(userdata) + strlen(desc->filter) + 1; *realfilter = (char *)malloc(len); if (*realfilter == NULL)
--- a/usr/src/cmd/ldap/ns_ldap/ldaplist.c Mon Jan 23 19:46:52 2012 -0800 +++ b/usr/src/cmd/ldap/ns_ldap/ldaplist.c Mon Jan 23 17:49:47 2012 -0500 @@ -20,6 +20,7 @@ */ /* * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. */ @@ -148,6 +149,7 @@ const void *userdata) { int len; + char *checker; /* sanity check */ if (realfilter == NULL) @@ -158,6 +160,20 @@ userdata == NULL) return (NS_LDAP_INVALID_PARAM); + /* Parameter check. We only want one %s here, otherwise bail. */ + len = 0; /* Reuse 'len' as "Number of %s hits"... */ + checker = (char *)userdata; + do { + checker = strchr(checker, '%'); + if (checker != NULL) { + if (len > 0 || *(checker + 1) != 's') + return (NS_LDAP_INVALID_PARAM); + len++; /* Got our %s. */ + checker += 2; + } else if (len != 1) + return (NS_LDAP_INVALID_PARAM); + } while (checker != NULL); + len = strlen(userdata) + strlen(desc->filter) + 1; *realfilter = (char *)malloc(len);
--- a/usr/src/lib/libsldap/common/ns_getalias.c Mon Jan 23 19:46:52 2012 -0800 +++ b/usr/src/lib/libsldap/common/ns_getalias.c Mon Jan 23 17:49:47 2012 -0500 @@ -22,10 +22,9 @@ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <stdlib.h> #include <libintl.h> #include <stdio.h> @@ -72,24 +71,37 @@ const void *userdata) { int len; + char *checker; /* sanity check */ if (realfilter == NULL) return (NS_LDAP_INVALID_PARAM); *realfilter = NULL; - if (desc == NULL || desc->filter == NULL || - userdata == NULL) + if (desc == NULL || desc->filter == NULL || userdata == NULL) return (NS_LDAP_INVALID_PARAM); + /* Parameter check. We only want one %s here, otherwise bail. */ + len = 0; /* Reuse 'len' as "Number of %s hits"... */ + checker = (char *)userdata; + do { + checker = strchr(checker, '%'); + if (checker != NULL) { + if (len > 0 || *(checker + 1) != 's') + return (NS_LDAP_INVALID_PARAM); + len++; /* Got our %s. */ + checker += 2; + } else if (len != 1) + return (NS_LDAP_INVALID_PARAM); + } while (checker != NULL); + len = strlen(userdata) + strlen(desc->filter) + 1; *realfilter = (char *)malloc(len); if (*realfilter == NULL) return (NS_LDAP_MEMORY); - (void) sprintf(*realfilter, (char *)userdata, - desc->filter); + (void) sprintf(*realfilter, (char *)userdata, desc->filter); return (NS_LDAP_SUCCESS); } @@ -142,9 +154,9 @@ /* should we do hardlookup */ rc = __ns_ldap_list(service, (const char *)filter, - __s_api_merge_SSD_filter, - (const char **)attribute, NULL, 0, &result, - &errorp, NULL, userdata); + __s_api_merge_SSD_filter, + (const char **)attribute, NULL, 0, &result, + &errorp, NULL, userdata); if (rc == NS_LDAP_NOTFOUND) { errno = ENOENT; @@ -157,7 +169,7 @@ if (errorp) { if (errorp->message) (void) fprintf(stderr, "%s (%s)\n", p, - errorp->message); + errorp->message); } else (void) fprintf(stderr, "%s\n", p); #endif /* DEBUG */
--- a/usr/src/lib/nsswitch/ldap/common/ldap_utils.c Mon Jan 23 19:46:52 2012 -0800 +++ b/usr/src/lib/nsswitch/ldap/common/ldap_utils.c Mon Jan 23 17:49:47 2012 -0500 @@ -22,10 +22,9 @@ /* * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/systeminfo.h> #include "ldap_common.h" @@ -215,6 +214,7 @@ const void *userdata) { int len; + char *checker; #ifdef DEBUG (void) fprintf(stdout, "\n[ldap_utils.c: _merge_SSD_filter]\n"); @@ -225,10 +225,23 @@ return (NS_LDAP_INVALID_PARAM); *realfilter = NULL; - if (desc == NULL || desc->filter == NULL || - userdata == NULL) + if (desc == NULL || desc->filter == NULL || userdata == NULL) return (NS_LDAP_INVALID_PARAM); + /* Parameter check. We only want one %s here, otherwise bail. */ + len = 0; /* Reuse 'len' as "Number of %s hits"... */ + checker = (char *)userdata; + do { + checker = strchr(checker, '%'); + if (checker != NULL) { + if (len > 0 || *(checker + 1) != 's') + return (NS_LDAP_INVALID_PARAM); + len++; /* Got our %s. */ + checker += 2; + } else if (len != 1) + return (NS_LDAP_INVALID_PARAM); + } while (checker != NULL); + #ifdef DEBUG (void) fprintf(stdout, "\n[userdata: %s]\n", (char *)userdata); (void) fprintf(stdout, "\n[SSD filter: %s]\n", desc->filter); @@ -240,8 +253,7 @@ if (*realfilter == NULL) return (NS_LDAP_MEMORY); - (void) sprintf(*realfilter, (char *)userdata, - desc->filter); + (void) sprintf(*realfilter, (char *)userdata, desc->filter); #ifdef DEBUG (void) fprintf(stdout, "\n[new filter: %s]\n", *realfilter);