Mercurial > illumos > illumos-gate

changeset 13575:36d25dce128e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
1668 ldap format string issues when merging search descriptors Reviewed by: Richard Lowe <richlowe@richlowe.net> Reviewed by: Gordon Ross <gwr@nexenta.com> Reviewed by: Michael Speer <michael.speer@pluribusnetworks.com> Approved by: Richard Lowe <richlowe@richlowe.net>
author Richard Lowe <richlowe@richlowe.net>
date Mon, 23 Jan 2012 17:49:47 -0500
parents d0fde6cacaac
children fcde6b8bbfd2
files usr/src/cmd/idmap/idmapd/nldaputils.c usr/src/cmd/ldap/ns_ldap/ldaplist.c usr/src/lib/libsldap/common/ns_getalias.c usr/src/lib/nsswitch/ldap/common/ldap_utils.c
diffstat 4 files changed, 74 insertions(+), 16 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/cmd/idmap/idmapd/nldaputils.c	Mon Jan 23 19:46:52 2012 -0800
+++ b/usr/src/cmd/idmap/idmapd/nldaputils.c	Mon Jan 23 17:49:47 2012 -0500
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 /*
@@ -147,11 +148,28 @@
 	char **realfilter, const void *userdata)
 {
 	int	len;
+	char *checker;
+
 	if (realfilter == NULL)
 		return (NS_LDAP_INVALID_PARAM);
 	*realfilter = NULL;
 	if (desc == NULL || desc->filter == NULL || userdata == NULL)
 		return (NS_LDAP_INVALID_PARAM);
+
+	/* Parameter check.  We only want one %s here, otherwise bail. */
+	len = 0;	/* Reuse 'len' as "Number of %s hits"... */
+	checker = (char *)userdata;
+	do {
+		checker = strchr(checker, '%');
+		if (checker != NULL) {
+			if (len > 0 || *(checker + 1) != 's')
+				return (NS_LDAP_INVALID_PARAM);
+			len++;	/* Got our %s. */
+			checker += 2;
+		} else if (len != 1)
+			return (NS_LDAP_INVALID_PARAM);
+	} while (checker != NULL);
+
 	len = strlen(userdata) + strlen(desc->filter) + 1;
 	*realfilter = (char *)malloc(len);
 	if (*realfilter == NULL)
--- a/usr/src/cmd/ldap/ns_ldap/ldaplist.c	Mon Jan 23 19:46:52 2012 -0800
+++ b/usr/src/cmd/ldap/ns_ldap/ldaplist.c	Mon Jan 23 17:49:47 2012 -0500
@@ -20,6 +20,7 @@
  */
 /*
  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 
@@ -148,6 +149,7 @@
 			const void *userdata)
 {
 	int	len;
+	char *checker;
 
 	/* sanity check */
 	if (realfilter == NULL)
@@ -158,6 +160,20 @@
 	    userdata == NULL)
 		return (NS_LDAP_INVALID_PARAM);
 
+	/* Parameter check.  We only want one %s here, otherwise bail. */
+	len = 0;	/* Reuse 'len' as "Number of %s hits"... */
+	checker = (char *)userdata;
+	do {
+		checker = strchr(checker, '%');
+		if (checker != NULL) {
+			if (len > 0 || *(checker + 1) != 's')
+				return (NS_LDAP_INVALID_PARAM);
+			len++;	/* Got our %s. */
+			checker += 2;
+		} else if (len != 1)
+			return (NS_LDAP_INVALID_PARAM);
+	} while (checker != NULL);
+
 	len = strlen(userdata) + strlen(desc->filter) + 1;
 
 	*realfilter = (char *)malloc(len);
--- a/usr/src/lib/libsldap/common/ns_getalias.c	Mon Jan 23 19:46:52 2012 -0800
+++ b/usr/src/lib/libsldap/common/ns_getalias.c	Mon Jan 23 17:49:47 2012 -0500
@@ -22,10 +22,9 @@
 /*
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <stdlib.h>
 #include <libintl.h>
 #include <stdio.h>
@@ -72,24 +71,37 @@
 			const void *userdata)
 {
 	int	len;
+	char *checker;
 
 	/* sanity check */
 	if (realfilter == NULL)
 		return (NS_LDAP_INVALID_PARAM);
 	*realfilter = NULL;
 
-	if (desc == NULL || desc->filter == NULL ||
-			userdata == NULL)
+	if (desc == NULL || desc->filter == NULL || userdata == NULL)
 		return (NS_LDAP_INVALID_PARAM);
 
+	/* Parameter check.  We only want one %s here, otherwise bail. */
+	len = 0;	/* Reuse 'len' as "Number of %s hits"... */
+	checker = (char *)userdata;
+	do {
+		checker = strchr(checker, '%');
+		if (checker != NULL) {
+			if (len > 0 || *(checker + 1) != 's')
+				return (NS_LDAP_INVALID_PARAM);
+			len++;	/* Got our %s. */
+			checker += 2;
+		} else if (len != 1)
+			return (NS_LDAP_INVALID_PARAM);
+	} while (checker != NULL);
+
 	len = strlen(userdata) + strlen(desc->filter) + 1;
 
 	*realfilter = (char *)malloc(len);
 	if (*realfilter == NULL)
 		return (NS_LDAP_MEMORY);
 
-	(void) sprintf(*realfilter, (char *)userdata,
-			desc->filter);
+	(void) sprintf(*realfilter, (char *)userdata, desc->filter);
 
 	return (NS_LDAP_SUCCESS);
 }
@@ -142,9 +154,9 @@
 
 	/* should we do hardlookup */
 	rc = __ns_ldap_list(service, (const char *)filter,
-		__s_api_merge_SSD_filter,
-		(const char **)attribute, NULL, 0, &result,
-		&errorp, NULL, userdata);
+	    __s_api_merge_SSD_filter,
+	    (const char **)attribute, NULL, 0, &result,
+	    &errorp, NULL, userdata);
 
 	if (rc == NS_LDAP_NOTFOUND) {
 		errno = ENOENT;
@@ -157,7 +169,7 @@
 		if (errorp) {
 			if (errorp->message)
 				(void) fprintf(stderr, "%s (%s)\n", p,
-					errorp->message);
+				    errorp->message);
 		} else
 			(void) fprintf(stderr, "%s\n", p);
 #endif /* DEBUG */
--- a/usr/src/lib/nsswitch/ldap/common/ldap_utils.c	Mon Jan 23 19:46:52 2012 -0800
+++ b/usr/src/lib/nsswitch/ldap/common/ldap_utils.c	Mon Jan 23 17:49:47 2012 -0500
@@ -22,10 +22,9 @@
 /*
  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <sys/systeminfo.h>
 #include "ldap_common.h"
 
@@ -215,6 +214,7 @@
 			const void *userdata)
 {
 	int	len;
+	char *checker;
 
 #ifdef DEBUG
 	(void) fprintf(stdout, "\n[ldap_utils.c: _merge_SSD_filter]\n");
@@ -225,10 +225,23 @@
 		return (NS_LDAP_INVALID_PARAM);
 	*realfilter = NULL;
 
-	if (desc == NULL || desc->filter == NULL ||
-			userdata == NULL)
+	if (desc == NULL || desc->filter == NULL || userdata == NULL)
 		return (NS_LDAP_INVALID_PARAM);
 
+	/* Parameter check.  We only want one %s here, otherwise bail. */
+	len = 0;	/* Reuse 'len' as "Number of %s hits"... */
+	checker = (char *)userdata;
+	do {
+		checker = strchr(checker, '%');
+		if (checker != NULL) {
+			if (len > 0 || *(checker + 1) != 's')
+				return (NS_LDAP_INVALID_PARAM);
+			len++;	/* Got our %s. */
+			checker += 2;
+		} else if (len != 1)
+			return (NS_LDAP_INVALID_PARAM);
+	} while (checker != NULL);
+
 #ifdef DEBUG
 	(void) fprintf(stdout, "\n[userdata: %s]\n", (char *)userdata);
 	(void) fprintf(stdout, "\n[SSD filter: %s]\n", desc->filter);
@@ -240,8 +253,7 @@
 	if (*realfilter == NULL)
 		return (NS_LDAP_MEMORY);
 
-	(void) sprintf(*realfilter, (char *)userdata,
-			desc->filter);
+	(void) sprintf(*realfilter, (char *)userdata, desc->filter);
 
 #ifdef DEBUG
 	(void) fprintf(stdout, "\n[new filter: %s]\n", *realfilter);