lib/ldap/directory: fix strncmp prefix-match false positives in server capability...
authorAlexander Bainbridge-Sedivy <alex.bainbridge@inkbridge.io>
Fri, 29 May 2026 14:07:57 +0000 (10:07 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 1 Jun 2026 16:12:41 +0000 (12:12 -0400)
src/lib/ldap/directory.c

index 6c4b6a7dbe267f89e32c89ef73ced73c8e33ec5a..704ab8d3d277004ef728c820e7280737e0328508 100644 (file)
@@ -149,7 +149,8 @@ int fr_ldap_directory_result_parse(fr_ldap_directory_t *directory, LDAP *handle,
        if (values) {
                num = ldap_count_values_len(values);
                for (i = 0; i < num; i++) {
-                       if (strncmp("OpenLDAProotDSE", values[i]->bv_val, values[i]->bv_len) == 0) {
+                       if ((values[i]->bv_len == sizeof("OpenLDAProotDSE") - 1) &&
+                           (memcmp("OpenLDAProotDSE", values[i]->bv_val, values[i]->bv_len) == 0)) {
                                directory->type = FR_LDAP_DIRECTORY_OPENLDAP;
                        }
                }
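Review bot: The length test added in front of `memcmp` for `OpenLDAProotDSE` has no comment saying why it is there, so a later cleanup could fold it back into a single bounded compare. `bv_len` comes from the directory's reply, and a value shorter than the literal (including an empty one) passed the old `strncmp` as a prefix match; I would record that above the `if` with `/* berval is length-delimited: require an exact length before comparing, or a short value prefix-matches */`. This hunk spells the length as `sizeof("OpenLDAProotDSE") - 1` while the second hunk uses `strlen()` for the same pattern, and picking one form would make the four checks read alike. The enclosing function starts before and continues after this hunk.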
@@ -192,17 +193,20 @@ found:
        if (values) {
                num = ldap_count_values_len(values);
                for (i = 0; i < num; i++) {
-                       if (strncmp(LDAP_CONTROL_SYNC, values[i]->bv_val, values[i]->bv_len) == 0) {
+                       if ((values[i]->bv_len == strlen(LDAP_CONTROL_SYNC)) &&
+                           (memcmp(LDAP_CONTROL_SYNC, values[i]->bv_val, values[i]->bv_len) == 0)) {
                                INFO("Directory supports RFC 4533");
                                directory->sync_type = FR_LDAP_SYNC_RFC4533;
                                break;
                        }
-                       if (strncmp(LDAP_SERVER_NOTIFICATION_OID, values[i]->bv_val, values[i]->bv_len) == 0) {
+                       if ((values[i]->bv_len == strlen(LDAP_SERVER_NOTIFICATION_OID)) &&
+                           (memcmp(LDAP_SERVER_NOTIFICATION_OID, values[i]->bv_val, values[i]->bv_len) == 0)) {
                                INFO("Directory supports LDAP_SERVER_NOTIFICATION_OID");
                                directory->sync_type = FR_LDAP_SYNC_ACTIVE_DIRECTORY;
                                break;
                        }
-                       if (strncmp(LDAP_CONTROL_PERSIST_REQUEST, values[i]->bv_val, values[i]->bv_len) == 0) {
+                       if ((values[i]->bv_len == strlen(LDAP_CONTROL_PERSIST_REQUEST)) &&
+                           (memcmp(LDAP_CONTROL_PERSIST_REQUEST, values[i]->bv_val, values[i]->bv_len) == 0)) {
                                INFO("Directory supports persistent search");
                                directory->sync_type = FR_LDAP_SYNC_PERSISTENT_SEARCH;
                                break;
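Review bot: The same two-line length-plus-`memcmp` test is written out three times, for `LDAP_CONTROL_SYNC`, `LDAP_SERVER_NOTIFICATION_OID` and `LDAP_CONTROL_PERSIST_REQUEST`, so a future edit can fix one copy and miss another, which is how the prefix-match problem would return. A small file-local helper taking the berval, the string and its length would keep the rule in one place, with each call reading like `if (berval_is(values[i], LDAP_CONTROL_SYNC, strlen(LDAP_CONTROL_SYNC))) {` (the helper name is only a suggestion). Separately, each test ends in `break`, so the `sync_type` chosen appears to follow the order in which the server lists its values; if a preference among the three is intended, it is not visible in these lines. The loop and its closing braces continue past the end of the hunk.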