From: Howard Chu Date: Thu, 25 Aug 2022 15:13:21 +0000 (+0100) Subject: ITS#9904 ldap_url_parsehosts: check for strdup failure X-Git-Tag: OPENLDAP_REL_ENG_2_5_14~96 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6563fab9e2feccb0a684d0398e78571d09fb808b;p=thirdparty%2Fopenldap.git ITS#9904 ldap_url_parsehosts: check for strdup failure Avoid unnecessary strdup in IPv6 addr parsing, check for strdup failure when dup'ing scheme. Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59 --- diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c index dcf2aac9e8..493fd7ce47 100644 --- a/libraries/libldap/url.c +++ b/libraries/libldap/url.c @@ -1385,24 +1385,22 @@ ldap_url_parsehosts( } ludp->lud_port = port; ludp->lud_host = specs[i]; - specs[i] = NULL; p = strchr(ludp->lud_host, ':'); if (p != NULL) { /* more than one :, IPv6 address */ if ( strchr(p+1, ':') != NULL ) { /* allow [address] and [address]:port */ if ( *ludp->lud_host == '[' ) { - p = LDAP_STRDUP(ludp->lud_host+1); - /* copied, make sure we free source later */ - specs[i] = ludp->lud_host; - ludp->lud_host = p; - p = strchr( ludp->lud_host, ']' ); + p = strchr( ludp->lud_host+1, ']' ); if ( p == NULL ) { LDAP_FREE(ludp); ldap_charray_free(specs); return LDAP_PARAM_ERROR; } - *p++ = '\0'; + /* Truncate trailing ']' and shift hostname down 1 char */ + *p = '\0'; + AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host ); + p++; if ( *p != ':' ) { if ( *p != '\0' ) { LDAP_FREE(ludp); @@ -1428,14 +1426,19 @@ ldap_url_parsehosts( } } } - ldap_pvt_hex_unescape(ludp->lud_host); ludp->lud_scheme = LDAP_STRDUP("ldap"); + if ( ludp->lud_scheme == NULL ) { + LDAP_FREE(ludp); + ldap_charray_free(specs); + return LDAP_NO_MEMORY; + } + specs[i] = NULL; + ldap_pvt_hex_unescape(ludp->lud_host); ludp->lud_next = *ludlist; *ludlist = ludp; } /* this should be an array of NULLs now */ - /* except entries starting with [ */ ldap_charray_free(specs); return LDAP_SUCCESS; }