From 65f273ba3d0eb2621b6db4f0ce4a1ce6857d5566 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sat, 26 Apr 2003 16:56:37 +0000 Subject: [PATCH] Fixed SASL interactive free bug (ITS#2423) Fixed liblber multi-value decode bug (ITS#2458) Fixed liblber over read bug (ITS#2465) --- CHANGES | 5 +++- clients/tools/common.c | 1 + libraries/liblber/decode.c | 1 + libraries/liblber/io.c | 11 ++++----- libraries/libldap/cyrus.c | 20 --------------- libraries/liblutil/sasl.c | 50 ++++++++++++++++++++++---------------- 6 files changed, 40 insertions(+), 48 deletions(-) diff --git a/CHANGES b/CHANGES index 5955fa0ec2..c258a4e7fa 100644 --- a/CHANGES +++ b/CHANGES @@ -8,7 +8,10 @@ OpenLDAP 2.1.18 Engineering Fixed slapd ACL group DN crash (ITS#2467) Fixed slapd substring normalization bug (ITS#2468) Fixed back-bdb search filter empty value bug (ITS#2453) - Fixed ldappasswd -y support + Fixed SASL interactive free bug (ITS#2423) + Fixed liblber multi-value decode bug (ITS#2458) + Fixed liblber over read bug (ITS#2465) + Fixed ldappasswd -y support (ITS#2441) OpenLDAP 2.1.17 Release Fixed libldap_r thread pool context bug (ITS#2404) diff --git a/clients/tools/common.c b/clients/tools/common.c index d39b3d9bd8..526358d8f6 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -670,6 +670,7 @@ tool_bind( LDAP *ld ) sasl_mech, NULL, NULL, sasl_flags, lutil_sasl_interact, defaults ); + lutil_sasl_freedefs( defaults ); if( rc != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_sasl_interactive_bind_s" ); exit( EXIT_FAILURE ); diff --git a/libraries/liblber/decode.c b/libraries/liblber/decode.c index dc1518bcf4..fd52e77b65 100644 --- a/libraries/liblber/decode.c +++ b/libraries/liblber/decode.c @@ -324,6 +324,7 @@ ber_get_stringbvl( bgbvr *b, ber_len_t *rlen ) { if (ber_skip_tag( b->ber, &len ) == LBER_DEFAULT) break; b->ber->ber_ptr += len; + b->ber->ber_tag = *(unsigned char *)b->ber->ber_ptr; } } diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c index 931982cf90..ed997bea93 100644 --- a/libraries/liblber/io.c +++ b/libraries/liblber/io.c @@ -510,13 +510,13 @@ ber_get_next( } while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr < - (char *)&ber->ber_len + LENSIZE*2) { + (char *)&ber->ber_len + LENSIZE*2 -1) { ber_slen_t sblen; char buf[sizeof(ber->ber_len)-1]; ber_len_t tlen = 0; sblen=ber_int_sb_read( sb, ber->ber_rwptr, - ((char *)&ber->ber_len + LENSIZE*2)-ber->ber_rwptr); + ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr); if (sblen<=0) return LBER_DEFAULT; ber->ber_rwptr += sblen; @@ -527,10 +527,10 @@ ber_get_next( tag = *p++; if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) { ber_len_t i; - for (i=1; (char *)pber_rwptr; i++,p++) { + for (i=1; (char *)pber_rwptr; i++) { tag <<= 8; - tag |= *p; - if (!(*p & LBER_MORE_TAG_MASK)) + tag |= *p++; + if (!(tag & LBER_MORE_TAG_MASK)) break; /* Is the tag too big? */ if (i == sizeof(ber_tag_t)-1) { @@ -542,7 +542,6 @@ ber_get_next( if ((char *)p == ber->ber_rwptr) { return LBER_DEFAULT; } - p++; } ber->ber_tag = tag; ber->ber_ptr = (char *)p; diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index b984f13305..46449c54bc 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -529,7 +529,6 @@ ldap_int_sasl_bind( sasl_ssf_t *ssf = NULL; sasl_conn_t *ctx; sasl_interact_t *prompts = NULL; - const void *promptresult = NULL; unsigned credlen; struct berval ccred; ber_socket_t sd; @@ -590,9 +589,6 @@ ldap_int_sasl_bind( &credlen, &mech ); - /* Cyrus SASL library doesn't initialize the prompt result pointer */ - if( promptresult == NULL && prompts != NULL ) prompts->result = NULL; - if( pmech == NULL && mech != NULL ) { pmech = mech; @@ -608,11 +604,6 @@ ldap_int_sasl_bind( if( !interact ) break; res = (interact)( ld, flags, defaults, prompts ); - /* keep a pointer to the prompt result so we can free it - * after Cyrus SASL has consumed the prompts. - */ - promptresult = prompts->result; - if( res != LDAP_SUCCESS ) break; } } while ( saslrc == SASL_INTERACT ); @@ -688,9 +679,6 @@ ldap_int_sasl_bind( (SASL_CONST char **)&ccred.bv_val, &credlen ); - /* SASL library doesn't initialize the prompt result pointer */ - if( promptresult == NULL && prompts != NULL ) prompts->result = NULL; - #ifdef NEW_LOGGING LDAP_LOG ( TRANSPORT, DETAIL1, "ldap_int_sasl_bind: sasl_client_step: %d\n", saslrc,0,0 ); @@ -703,12 +691,6 @@ ldap_int_sasl_bind( int res; if( !interact ) break; res = (interact)( ld, flags, defaults, prompts ); - - /* keep a pointer to the prompt result so we can free it - * after Cyrus SASL has consumed the prompts. - */ - promptresult = prompts->result; - if( res != LDAP_SUCCESS ) break; } } while ( saslrc == SASL_INTERACT ); @@ -768,8 +750,6 @@ ldap_int_sasl_bind( } done: - /* free the last prompt result */ - LDAP_FREE((void*)promptresult); return rc; } diff --git a/libraries/liblutil/sasl.c b/libraries/liblutil/sasl.c index c920eec66e..9e522dece0 100644 --- a/libraries/liblutil/sasl.c +++ b/libraries/liblutil/sasl.c @@ -29,9 +29,27 @@ typedef struct lutil_sasl_defaults_s { char *authcid; char *passwd; char *authzid; + char **resps; + int nresps; } lutilSASLdefaults; +void +lutil_sasl_freedefs( + void *defaults ) +{ + lutilSASLdefaults *defs = defaults; + + if (defs->mech) ber_memfree(defs->mech); + if (defs->realm) ber_memfree(defs->realm); + if (defs->authcid) ber_memfree(defs->authcid); + if (defs->passwd) ber_memfree(defs->passwd); + if (defs->authzid) ber_memfree(defs->authzid); + if (defs->resps) ldap_charray_free(defs->resps); + + ber_memfree(defs); +} + void * lutil_sasl_defaults( LDAP *ld, @@ -47,11 +65,11 @@ lutil_sasl_defaults( if( defaults == NULL ) return NULL; - defaults->mech = mech; - defaults->realm = realm; - defaults->authcid = authcid; - defaults->passwd = passwd; - defaults->authzid = authzid; + defaults->mech = mech ? ber_strdup(mech) : NULL; + defaults->realm = realm ? ber_strdup(realm) : NULL; + defaults->authcid = authcid ? ber_strdup(authcid) : NULL; + defaults->passwd = passwd ? ber_strdup(passwd) : NULL; + defaults->authzid = authzid ? ber_strdup(authzid) : NULL; if( defaults->mech == NULL ) { ldap_get_option( ld, LDAP_OPT_X_SASL_MECH, &defaults->mech ); @@ -65,6 +83,8 @@ lutil_sasl_defaults( if( defaults->authzid == NULL ) { ldap_get_option( ld, LDAP_OPT_X_SASL_AUTHZID, &defaults->authzid ); } + defaults->resps = NULL; + defaults->nresps = 0; return defaults; } @@ -160,7 +180,8 @@ static int interaction( if( interact->len > 0 ) { /* duplicate */ char *p = (char *)interact->result; - interact->result = strdup( p ); + ldap_charray_add(&defaults->resps, interact->result); + interact->result = defaults->resps[defaults->nresps++]; /* zap */ memset( p, '\0', interact->len ); @@ -168,15 +189,8 @@ static int interaction( } else { use_default: /* input must be empty */ - interact->result = strdup( (dflt && *dflt) ? dflt : "" ); - interact->len = interact->result - ? strlen( interact->result ) : 0; - } - - if( defaults && defaults->passwd && interact->id == SASL_CB_PASS ) { - /* zap password after first use */ - memset( defaults->passwd, '\0', strlen(defaults->passwd) ); - defaults->passwd = NULL; + interact->result = (dflt && *dflt) ? dflt : ""; + interact->len = strlen( interact->result ); } return LDAP_SUCCESS; @@ -190,12 +204,6 @@ int lutil_sasl_interact( { sasl_interact_t *interact = in; - if( interact->result ) { - /* we have results from a previous interaction */ - free( (void *)interact->result ); - interact->result = NULL; - } - if( ld == NULL ) return LDAP_PARAM_ERROR; if( flags == LDAP_SASL_INTERACTIVE ) { -- 2.47.2