diff options
-rw-r--r-- | source4/ldap_server/ldap_server.c | 2 | ||||
-rw-r--r-- | source4/lib/ldb/ldb_ildap/ldb_ildap.c | 2 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap.c | 5 | ||||
-rw-r--r-- | source4/libcli/util/asn1.c | 12 |
4 files changed, 14 insertions, 7 deletions
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index bf64735b0b..5ac50bd514 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -254,10 +254,10 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) return; } if (npending == 0) { + ldapsrv_terminate_connection(conn, "EOF from client"); return; } - conn->partial.data = talloc_realloc_size(conn, conn->partial.data, conn->partial.length + npending); if (conn->partial.data == NULL) { diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 6560485be5..eefe80c919 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -124,6 +124,8 @@ static int ildb_search(struct ldb_module *module, const char *base, if (ildb->rootDSE != NULL) { base = ldb_msg_find_string(ildb->rootDSE, "defaultNamingContext", ""); + } else { + base = ""; } } diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c index 2514e10117..d7a230a77f 100644 --- a/source4/libcli/ldap/ldap.c +++ b/source4/libcli/ldap/ldap.c @@ -501,7 +501,9 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx, ret->operation = LDB_OP_NOT; ret->u.not.child = ldap_decode_filter_tree(ret, data); - + if (ret->u.not.child == NULL) { + goto failed; + } if (!asn1_end_tag(data)) { goto failed; } @@ -595,7 +597,6 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx, failed: talloc_free(ret); - DEBUG(0,("Failed to parse ASN.1 LDAP filter\n")); return NULL; } diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c index 10afd74273..2a4c75d939 100644 --- a/source4/libcli/util/asn1.c +++ b/source4/libcli/util/asn1.c @@ -299,8 +299,12 @@ BOOL asn1_peek(struct asn1_data *data, void *p, int len) if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len) return False; - if (data->ofs + len > data->length) + if (data->ofs + len > data->length) { + /* we need to mark the buffer as consumed, so the caller knows + this was an out of data error, and not a decode error */ + data->ofs = data->length; return False; + } memcpy(p, data->data + data->ofs, len); return True; @@ -437,7 +441,7 @@ BOOL asn1_read_OID(struct asn1_data *data, const char **OID) do { asn1_read_uint8(data, &b); v = (v<<7) | (b&0x7f); - } while (!data->has_error && b & 0x80); + } while (!data->has_error && (b & 0x80)); tmp_oid = talloc_asprintf_append(tmp_oid, " %u", v); } @@ -540,7 +544,7 @@ BOOL asn1_read_implicit_Integer(struct asn1_data *data, int *i) uint8_t b; *i = 0; - while (asn1_tag_remaining(data)>0) { + while (!data->has_error && asn1_tag_remaining(data)>0) { if (!asn1_read_uint8(data, &b)) return False; *i = (*i << 8) + b; } @@ -564,7 +568,7 @@ BOOL asn1_read_enumerated(struct asn1_data *data, int *v) *v = 0; if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False; - while (asn1_tag_remaining(data)>0) { + while (!data->has_error && asn1_tag_remaining(data)>0) { uint8_t b; asn1_read_uint8(data, &b); *v = (*v << 8) + b; |