summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/ldap_server/ldap_server.c2
-rw-r--r--source4/lib/ldb/ldb_ildap/ldb_ildap.c2
-rw-r--r--source4/libcli/ldap/ldap.c5
-rw-r--r--source4/libcli/util/asn1.c12
4 files changed, 14 insertions, 7 deletions
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index bf64735b0b..5ac50bd514 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -254,10 +254,10 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags)
return;
}
if (npending == 0) {
+ ldapsrv_terminate_connection(conn, "EOF from client");
return;
}
-
conn->partial.data = talloc_realloc_size(conn, conn->partial.data,
conn->partial.length + npending);
if (conn->partial.data == NULL) {
diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 6560485be5..eefe80c919 100644
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -124,6 +124,8 @@ static int ildb_search(struct ldb_module *module, const char *base,
if (ildb->rootDSE != NULL) {
base = ldb_msg_find_string(ildb->rootDSE,
"defaultNamingContext", "");
+ } else {
+ base = "";
}
}
diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 2514e10117..d7a230a77f 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -501,7 +501,9 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
ret->operation = LDB_OP_NOT;
ret->u.not.child = ldap_decode_filter_tree(ret, data);
-
+ if (ret->u.not.child == NULL) {
+ goto failed;
+ }
if (!asn1_end_tag(data)) {
goto failed;
}
@@ -595,7 +597,6 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
failed:
talloc_free(ret);
- DEBUG(0,("Failed to parse ASN.1 LDAP filter\n"));
return NULL;
}
diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c
index 10afd74273..2a4c75d939 100644
--- a/source4/libcli/util/asn1.c
+++ b/source4/libcli/util/asn1.c
@@ -299,8 +299,12 @@ BOOL asn1_peek(struct asn1_data *data, void *p, int len)
if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len)
return False;
- if (data->ofs + len > data->length)
+ if (data->ofs + len > data->length) {
+ /* we need to mark the buffer as consumed, so the caller knows
+ this was an out of data error, and not a decode error */
+ data->ofs = data->length;
return False;
+ }
memcpy(p, data->data + data->ofs, len);
return True;
@@ -437,7 +441,7 @@ BOOL asn1_read_OID(struct asn1_data *data, const char **OID)
do {
asn1_read_uint8(data, &b);
v = (v<<7) | (b&0x7f);
- } while (!data->has_error && b & 0x80);
+ } while (!data->has_error && (b & 0x80));
tmp_oid = talloc_asprintf_append(tmp_oid, " %u", v);
}
@@ -540,7 +544,7 @@ BOOL asn1_read_implicit_Integer(struct asn1_data *data, int *i)
uint8_t b;
*i = 0;
- while (asn1_tag_remaining(data)>0) {
+ while (!data->has_error && asn1_tag_remaining(data)>0) {
if (!asn1_read_uint8(data, &b)) return False;
*i = (*i << 8) + b;
}
@@ -564,7 +568,7 @@ BOOL asn1_read_enumerated(struct asn1_data *data, int *v)
*v = 0;
if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False;
- while (asn1_tag_remaining(data)>0) {
+ while (!data->has_error && asn1_tag_remaining(data)>0) {
uint8_t b;
asn1_read_uint8(data, &b);
*v = (*v << 8) + b;