1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
From 38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 23 Nov 2020 17:14:00 +0000
Subject: [PATCH] ITS#9404 fix serialNumberAndIssuerCheck
Tighten validity checks
---
servers/slapd/schema_init.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 834f54593d..5b577607de 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -3193,7 +3193,7 @@ serialNumberAndIssuerCheck(
if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
- if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
+ if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) {
/* Parse old format */
is->bv_val = ber_bvchr( in, '$' );
if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX;
@@ -3224,7 +3224,7 @@ serialNumberAndIssuerCheck(
HAVE_ALL = ( HAVE_ISSUER | HAVE_SN )
} have = HAVE_NONE;
- int numdquotes = 0;
+ int numdquotes = 0, gotquote;
struct berval x = *in;
struct berval ni;
x.bv_val++;
@@ -3266,11 +3266,12 @@ serialNumberAndIssuerCheck(
is->bv_val = x.bv_val;
is->bv_len = 0;
- for ( ; is->bv_len < x.bv_len; ) {
+ for ( gotquote=0; is->bv_len < x.bv_len; ) {
if ( is->bv_val[is->bv_len] != '"' ) {
is->bv_len++;
continue;
}
+ gotquote = 1;
if ( is->bv_val[is->bv_len+1] == '"' ) {
/* double dquote */
numdquotes++;
@@ -3279,6 +3280,8 @@ serialNumberAndIssuerCheck(
}
break;
}
+ if ( !gotquote ) return LDAP_INVALID_SYNTAX;
+
x.bv_val += is->bv_len + 1;
x.bv_len -= is->bv_len + 1;
--
2.20.1
|
