Don't walk past the end of ldb values.

This is a partial fix towards bugs due to us walking past the end of what we think are strings in ldb. There is much more work to do in this area. Andrew Bartlett (This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
author: Andrew Bartlett <abartlet@samba.org> 2008-08-21 19:24:58 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2008-08-21 19:24:58 +1000
commit: 4ad97a1d0593b3401a352407009a99ead23f21f2 (patch)
tree: 31e546187b08304190e6e2ad579672caccaf02c1 /source4/lib/ldb
parent: 38f740529803054a3145ad547b3d7de8a25e983a (diff)
download: samba-4ad97a1d0593b3401a352407009a99ead23f21f2.tar.gz
samba-4ad97a1d0593b3401a352407009a99ead23f21f2.tar.bz2
samba-4ad97a1d0593b3401a352407009a99ead23f21f2.zip
3 files changed, 20 insertions, 10 deletions
diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index 08911344b7..c0d36cfbf3 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -71,7 +71,7 @@ struct ldb_dn {
 };
 
 /* strdn may be NULL */
-struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *strdn)
+struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn)
 {
 	struct ldb_dn *dn;
 
@@ -82,27 +82,27 @@ struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *st
 
 	dn->ldb = ldb;
 
-	if (strdn) {
-		if (strdn[0] == '@') {
+	if (strdn->data && strdn->length) {
+		if (strdn->data[0] == '@') {
 			dn->special = true;
 		}
-		if (strncasecmp(strdn, "<GUID=", 6) == 0) {
+		if (strdn->length >= 6 && strncasecmp((const char *)strdn->data, "<GUID=", 6) == 0) {
 			/* this is special DN returned when the
 			 * exploded_dn control is used */
 			dn->special = true;
 			/* FIXME: add a GUID string to ldb_dn structure */
-		} else if (strncasecmp(strdn, "<SID=", 8) == 0) {
+		} else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "<SID=", 8) == 0) {
 			/* this is special DN returned when the
 			 * exploded_dn control is used */
 			dn->special = true;
 			/* FIXME: add a SID string to ldb_dn structure */
-		} else if (strncasecmp(strdn, "<WKGUID=", 8) == 0) {
+		} else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "<WKGUID=", 8) == 0) {
 			/* this is special DN returned when the
 			 * exploded_dn control is used */
 			dn->special = true;
 			/* FIXME: add a WKGUID string to ldb_dn structure */
 		}
-		dn->linearized = talloc_strdup(dn, strdn);
+		dn->linearized = talloc_strndup(dn, (const char *)strdn->data, strdn->length);
 	} else {
 		dn->linearized = talloc_strdup(dn, "");
 	}
@@ -115,6 +115,15 @@ failed:
 	return NULL;
 }
 
+/* strdn may be NULL */
+struct ldb_dn *ldb_dn_new(void *mem_ctx, struct ldb_context *ldb, const char *strdn)
+{
+	struct ldb_val blob;
+	blob.data = strdn;
+	blob.length = strdn ? strlen(strdn) : 0;
+	return ldb_dn_from_ldb_val(mem_ctx, ldb, &blob);
+}
+
 struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...)
 {
 	struct ldb_dn *dn;
diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c
index c1ea9db56b..2f5fe1d18c 100644
--- a/source4/lib/ldb/common/ldb_msg.c
+++ b/source4/lib/ldb/common/ldb_msg.c
@@ -389,10 +389,10 @@ int ldb_msg_find_attr_as_bool(const struct ldb_message *msg,
 	if (!v || !v->data) {
 		return default_value;
 	}
-	if (strcasecmp((const char *)v->data, "FALSE") == 0) {
+	if (v->length == 5 && strncasecmp((const char *)v->data, "FALSE", 5) == 0) {
 		return 0;
 	}
-	if (strcasecmp((const char *)v->data, "TRUE") == 0) {
+	if (v->length == 4 && strncasecmp((const char *)v->data, "TRUE", 4) == 0) {
 		return 1;
 	}
 	return default_value;
@@ -421,7 +421,7 @@ struct ldb_dn *ldb_msg_find_attr_as_dn(struct ldb_context *ldb,
 	if (!v || !v->data) {
 		return NULL;
 	}
-	res_dn = ldb_dn_new(mem_ctx, ldb, (const char *)v->data);
+	res_dn = ldb_dn_from_ldb_val(mem_ctx, ldb, v);
 	if ( ! ldb_dn_validate(res_dn)) {
 		talloc_free(res_dn);
 		return NULL;
diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h
index 7ce6103422..5dbf99e5bf 100644
--- a/source4/lib/ldb/include/ldb.h
+++ b/source4/lib/ldb/include/ldb.h
@@ -1381,6 +1381,7 @@ int ldb_base64_decode(char *s);
 
 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *dn);
 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...) PRINTF_ATTRIBUTE(3,4);
+struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn);
 bool ldb_dn_validate(struct ldb_dn *dn);
 
 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value);
author	Andrew Bartlett <abartlet@samba.org>	2008-08-21 19:24:58 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2008-08-21 19:24:58 +1000
commit	4ad97a1d0593b3401a352407009a99ead23f21f2 (patch)
tree	31e546187b08304190e6e2ad579672caccaf02c1 /source4/lib/ldb
parent	38f740529803054a3145ad547b3d7de8a25e983a (diff)
download	samba-4ad97a1d0593b3401a352407009a99ead23f21f2.tar.gz samba-4ad97a1d0593b3401a352407009a99ead23f21f2.tar.bz2 samba-4ad97a1d0593b3401a352407009a99ead23f21f2.zip