ITS#8999 fix telephoneNumberNormalize, cert DN validation
authorHoward Chu <hyc@openldap.org>
Tue, 26 Mar 2019 11:17:30 +0000 (11:17 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Wed, 22 May 2019 01:15:37 +0000 (01:15 +0000)
servers/slapd/schema_init.c

index 643cecde21b5a8a5ce2e85a9ef82e9531913b10e..edd38a69117e163bced123b41003e391284e4a2c 100644 (file)
@@ -2235,7 +2235,7 @@ telephoneNumberNormalize(
        struct berval *normalized,
        void *ctx )
 {
-       char *p, *q;
+       char *p, *q, *end;
 
        assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
 
@@ -2247,7 +2247,8 @@ telephoneNumberNormalize(
 
        q = normalized->bv_val = slap_sl_malloc( val->bv_len + 1, ctx );
 
-       for( p = val->bv_val; *p; p++ ) {
+       end = val->bv_val + val->bv_len;
+       for( p = val->bv_val; *p && p < end; p++ ) {
                if ( ! ( ASCII_SPACE( *p ) || *p == '-' )) {
                        *q++ = *p;
                }
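Review bot: The loop condition on the added line evaluates `*p` before `p < end`, so when `p` reaches `end` it still reads the byte at `val->bv_val[val->bv_len]`. If the value is not NUL-terminated, that is one byte past the length the berval declares. Swapping the operands, `for( p = val->bv_val; p < end && *p; p++ ) {`, lets the short-circuit stop before that read. Keeping the `*p` test also means an embedded NUL silently truncates the normalized number; if that is intended, a one-line comment saying so would help. The body of telephoneNumberNormalize starts and ends outside this hunk.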
@@ -3680,7 +3681,10 @@ certificateExactNormalize(
                bvdn.bv_len = val->bv_len - len;
 
                rc = dnX509normalize( &bvdn, &issuer_dn );
-               if ( rc != LDAP_SUCCESS ) goto done;
+               if ( rc != LDAP_SUCCESS ) {
+                       rc = LDAP_INVALID_SYNTAX;
+                       goto done;
+               }
        }
 
        normalized->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
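Review bot: Every failure from `dnX509normalize()` is now rewritten to `LDAP_INVALID_SYNTAX`, which discards the original result code. The same change is made in the certificateListExactNormalize and attributeCertificateExactNormalize hunks. The helper's body is not visible here, so if it can fail for a reason other than a malformed issuer DN, that failure would be reported to the caller as a syntax error and be harder to diagnose. A comment above the assignment such as `/* an issuer DN that cannot be normalized means the certificate value is malformed */` would record the intent, and logging the original `rc` at debug level before overwriting it would keep the cause available. The enclosing function continues outside this hunk.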
@@ -4168,7 +4172,10 @@ certificateListExactNormalize(
        bvtu.bv_len = len;
 
        rc = dnX509normalize( &bvdn, &issuer_dn );
-       if ( rc != LDAP_SUCCESS ) goto done;
+       if ( rc != LDAP_SUCCESS ) {
+               rc = LDAP_INVALID_SYNTAX;
+               goto done;
+       }
 
        thisUpdate.bv_val = tubuf;
        thisUpdate.bv_len = sizeof(tubuf);
@@ -4820,7 +4827,10 @@ attributeCertificateExactNormalize(
        bvdn.bv_val = val->bv_val + len;
        bvdn.bv_len = val->bv_len - len;
        rc = dnX509normalize( &bvdn, &issuer_dn );
-       if ( rc != LDAP_SUCCESS ) goto done;
+       if ( rc != LDAP_SUCCESS ) {
+               rc = LDAP_INVALID_SYNTAX;
+               goto done;
+       }
        
        tag = ber_skip_tag( ber, &len );        /* sequence of RDN */
        ber_skip_data( ber, len );