From: Ondřej Kuzník
Date: Mon, 27 Jul 2020 11:53:00 +0000 (+0200)
Subject: ITS#9279 Send Netscape expired control as a bare string
X-Git-Tag: OPENLDAP_REL_ENG_2_4_51~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98937068281a53b40981cfc736e6bdf0a530bdc8;p=thirdparty%2Fopenldap.git
ITS#9279 Send Netscape expired control as a bare string
---
diff --git a/libraries/libldap/ppolicy.c b/libraries/libldap/ppolicy.c
index 78df1d1da1..6a84a66ca3 100644
--- a/libraries/libldap/ppolicy.c
+++ b/libraries/libldap/ppolicy.c
@@ -221,44 +221,34 @@ ldap_parse_password_expiring_control(
 LDAPControl *ctrl,
 long *secondsp )
 {
- BerElement *ber;
- struct berval time_string;
 long seconds = 0;
+ char buf[sizeof("-2147483648")];
 char *next;
 assert( ld != NULL );
 assert( LDAP_VALID( ld ) );
 assert( ctrl != NULL );
- if ( !ctrl->ldctl_value.bv_val ) {
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ||
+ ctrl->ldctl_value.bv_len >= sizeof(buf) ) {
 ld->ld_errno = LDAP_DECODING_ERROR;
 return(ld->ld_errno);
 }
- /* Create a BerElement from the berval returned in the control. */
- ber = ber_init(&ctrl->ldctl_value);
+ memcpy( buf, ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len );
+ buf[ctrl->ldctl_value.bv_len] = '\0';
- if (ber == NULL) {
- ld->ld_errno = LDAP_NO_MEMORY;
- return(ld->ld_errno);
- }
-
- if ( ber_get_stringbv( ber, &time_string, 0 ) == LBER_ERROR ) goto exit;
-
- seconds = strtol( time_string.bv_val, &next, 10 );
- if ( next == time_string.bv_val || next[0] != '\0' ) goto exit;
+ seconds = strtol( buf, &next, 10 );
+ if ( next == buf || next[0] != '\0' ) goto exit;
 if ( secondsp != NULL ) {
 *secondsp = seconds;
 }
- ber_free(ber, 1);
-
 ld->ld_errno = LDAP_SUCCESS;
 return(ld->ld_errno);
 exit:
- ber_free(ber, 1);
 ld->ld_errno = LDAP_DECODING_ERROR;
 return(ld->ld_errno);
 }
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 422a85ad42..e90ba94e27 100644
--- a/servers/slapd/overlays/ppolicy.c
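Review bot: The end-of-number test `next[0] != '\0'` in ldap_parse_password_expiring_control cannot tell the terminator written at `buf[bv_len]` from a NUL byte inside the control value, so digits followed by an embedded NUL and trailing bytes are accepted as a valid count. Comparing against the copied length closes that gap: `if ( next == buf || next != buf + ctrl->ldctl_value.bv_len ) goto exit;`. The value is supplied by the server, and strtol also accepts leading whitespace and a sign; where long is 32 bits it clamps an out-of-range 11-digit string, and errno is never checked. An `errno == ERANGE` / `seconds < 0` rejection, or a comment saying which of these inputs are intended, would make the contract explicit. The function's signature and first parameter lie outside the hunk.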
+++ b/servers/slapd/overlays/ppolicy.c
@@ -449,24 +449,13 @@ fail:
 static LDAPControl *
 create_passexpiry( Operation *op, int expired, int warn )
 {
- BerElementBuffer berbuf;
- BerElement *ber = (BerElement *) &berbuf;
- LDAPControl c = { 0 }, *cp;
+ LDAPControl *cp;
 char buf[sizeof("-2147483648")];
 struct berval bv = { .bv_val = buf, .bv_len = sizeof(buf) };
- int rc;
-
- BER_BVZERO( &c.ldctl_value );
 bv.bv_len = snprintf( bv.bv_val, bv.bv_len, "%d", warn );
- ber_init2( ber, NULL, LBER_USE_DER );
- ber_printf( ber, "O", &bv );
-
- if (ber_flatten2( ber, &c.ldctl_value, 0 ) == -1) {
- return NULL;
- }
- cp = op->o_tmpalloc( sizeof( LDAPControl ) + c.ldctl_value.bv_len, op->o_tmpmemctx );
+ cp = op->o_tmpalloc( sizeof( LDAPControl ) + bv.bv_len, op->o_tmpmemctx );
 if ( expired ) {
 cp->ldctl_oid = (char *)ppolicy_pwd_expired_oid;
 } else {
@@ -474,11 +463,8 @@ create_passexpiry( Operation *op, int expired, int warn )
 }
 cp->ldctl_iscritical = 0;
 cp->ldctl_value.bv_val = (char *)&cp[1];
- cp->ldctl_value.bv_len = c.ldctl_value.bv_len;
- AC_MEMCPY( cp->ldctl_value.bv_val, c.ldctl_value.bv_val, c.ldctl_value.bv_len );
-fail:
- (void)ber_free_buf(ber);
-
+ cp->ldctl_value.bv_len = bv.bv_len;
+ AC_MEMCPY( cp->ldctl_value.bv_val, bv.bv_val, bv.bv_len );
 return cp;
 }
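Review bot: The `snprintf` result in create_passexpiry is stored straight into `bv.bv_len` with no check for a negative or truncated return, and that length then sizes the `op->o_tmpalloc` request here and the `AC_MEMCPY` out of the stack `buf` in the following hunk (@@ -474,11 +463,8 @@). With a 32-bit `int` the 12-byte buffer always holds `%d`, so the copy stays in bounds today, but nothing in the code states or enforces that assumption. A guard keeps the length tied to `buf`: `int len = snprintf( buf, sizeof(buf), "%d", warn );` then `if ( len < 0 || (size_t)len >= sizeof(buf) ) return NULL;` before `bv.bv_len = len;`. Returning NULL matches what the removed ber_flatten2 failure path did. The function body continues into the next hunk.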