diff options
-rw-r--r-- | source4/auth/gensec/spnego_parse.c | 11 | ||||
-rw-r--r-- | source4/auth/kerberos/gssapi_parse.c | 13 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 4 | ||||
-rw-r--r-- | source4/libcli/cldap/cldap.c | 2 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap.c | 2 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap_client.c | 4 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap_controls.c | 40 | ||||
-rw-r--r-- | source4/libcli/util/asn1.c | 6 |
8 files changed, 77 insertions, 5 deletions
diff --git a/source4/auth/gensec/spnego_parse.c b/source4/auth/gensec/spnego_parse.c index c768d1e847..5382402206 100644 --- a/source4/auth/gensec/spnego_parse.c +++ b/source4/auth/gensec/spnego_parse.c @@ -265,7 +265,7 @@ static BOOL write_negTokenTarg(struct asn1_data *asn1, struct spnego_negTokenTar ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data *token) { - struct asn1_data *asn1 = asn1_init(mem_ctx); + struct asn1_data *asn1; ssize_t ret = -1; uint8_t context; @@ -275,6 +275,11 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data return ret; } + asn1 = asn1_init(mem_ctx); + if (asn1 == NULL) { + return -1; + } + asn1_load(asn1, data); if (!asn1_peek_uint8(asn1, &context)) { @@ -311,6 +316,10 @@ ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_da struct asn1_data *asn1 = asn1_init(mem_ctx); ssize_t ret = -1; + if (asn1 == NULL) { + return -1; + } + switch (spnego->type) { case SPNEGO_NEG_TOKEN_INIT: asn1_push_tag(asn1, ASN1_APPLICATION(0)); diff --git a/source4/auth/kerberos/gssapi_parse.c b/source4/auth/kerberos/gssapi_parse.c index 86a9e9554a..de6fa31afb 100644 --- a/source4/auth/kerberos/gssapi_parse.c +++ b/source4/auth/kerberos/gssapi_parse.c @@ -31,13 +31,18 @@ */ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2]) { - struct asn1_data *data = asn1_init(mem_ctx); + struct asn1_data *data; DATA_BLOB ret; if (!data || !ticket->data) { return data_blob(NULL,0); } + data = asn1_init(mem_ctx); + if (data == NULL) { + return data_blob(NULL,0); + } + asn1_push_tag(data, ASN1_APPLICATION(0)); asn1_write_OID(data, GENSEC_OID_KERBEROS5); @@ -66,6 +71,10 @@ BOOL gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, D struct asn1_data *data = asn1_init(mem_ctx); int data_remaining; + if (!data) { + return False; + } + asn1_load(data, *blob); asn1_start_tag(data, ASN1_APPLICATION(0)); asn1_check_OID(data, GENSEC_OID_KERBEROS5); @@ -99,6 +108,8 @@ BOOL gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid) BOOL ret; struct asn1_data *data = asn1_init(NULL); + if (!data) return False; + asn1_load(data, *blob); asn1_start_tag(data, ASN1_APPLICATION(0)); asn1_check_OID(data, oid); diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 9aefbed485..03fb10b4de 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -137,11 +137,13 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) struct asn1_data *asn1 = asn1_init(conn); struct ldap_message *msg = talloc(conn, struct ldap_message); - if (msg == NULL) { + if (asn1 == NULL || msg == NULL) { return NT_STATUS_NO_MEMORY; } if (!asn1_load(asn1, blob)) { + talloc_free(msg); + talloc_free(asn1); return NT_STATUS_NO_MEMORY; } diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c index e92abe4d47..bd2ab630db 100644 --- a/source4/libcli/cldap/cldap.c +++ b/source4/libcli/cldap/cldap.c @@ -70,6 +70,8 @@ static void cldap_socket_recv(struct cldap_socket *cldap) struct ldap_message *ldap_msg; struct cldap_request *req; + if (!asn1) return; + status = socket_pending(cldap->sock, &dsize); if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_ctx); diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c index 70ba9335db..55988b8eb4 100644 --- a/source4/libcli/ldap/ldap.c +++ b/source4/libcli/ldap/ldap.c @@ -193,6 +193,8 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result, TALLOC_CTX *mem_ct struct asn1_data *data = asn1_init(mem_ctx); int i, j; + if (!data) return False; + asn1_push_tag(data, ASN1_SEQUENCE(0)); asn1_write_Integer(data, msg->messageid); diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index 5e4eddee92..ce15b39271 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -175,11 +175,13 @@ static NTSTATUS ldap_recv_handler(void *private_data, DATA_BLOB blob) struct ldap_message *msg = talloc(conn, struct ldap_message); struct asn1_data *asn1 = asn1_init(conn); - if (msg == NULL) { + if (asn1 == NULL || msg == NULL) { return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } if (!asn1_load(asn1, blob)) { + talloc_free(msg); + talloc_free(asn1); return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c index 180e6eeb62..79c16afc95 100644 --- a/source4/libcli/ldap/ldap_controls.c +++ b/source4/libcli/ldap/ldap_controls.c @@ -37,6 +37,8 @@ static BOOL decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_sort_resp_control *lsrc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -82,6 +84,8 @@ static BOOL decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void **out) struct ldb_server_sort_control **lssc; int num; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -156,6 +160,8 @@ static BOOL decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_extended_dn_control *ledc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -187,6 +193,8 @@ static BOOL decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_sd_flags_control *lsdfc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -218,6 +226,8 @@ static BOOL decode_search_options_request(void *mem_ctx, DATA_BLOB in, void **ou struct asn1_data *data = asn1_init(mem_ctx); struct ldb_search_options_control *lsoc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -250,6 +260,8 @@ static BOOL decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void **out struct asn1_data *data = asn1_init(mem_ctx); struct ldb_paged_control *lprc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -296,6 +308,8 @@ static BOOL decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_dirsync_control *ldc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -349,6 +363,8 @@ static BOOL decode_asq_control(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_asq_control *lac; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -452,6 +468,8 @@ static BOOL decode_vlv_request(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_vlv_req_control *lvrc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -562,6 +580,8 @@ static BOOL decode_vlv_response(void *mem_ctx, DATA_BLOB in, void **out) struct asn1_data *data = asn1_init(mem_ctx); struct ldb_vlv_resp_control *lvrc; + if (!data) return False; + if (!asn1_load(data, in)) { return False; } @@ -615,6 +635,8 @@ static BOOL encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_sort_resp_control *lsrc = talloc_get_type(in, struct ldb_sort_resp_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -648,6 +670,8 @@ static BOOL encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out) struct asn1_data *data = asn1_init(mem_ctx); int num; + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -696,6 +720,8 @@ static BOOL encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_extended_dn_control *ledc = talloc_get_type(in, struct ldb_extended_dn_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -722,6 +748,8 @@ static BOOL encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -748,6 +776,8 @@ static BOOL encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *ou struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -774,6 +804,8 @@ static BOOL encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -807,6 +839,8 @@ static BOOL encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_asq_control *lac = talloc_get_type(in, struct ldb_asq_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -840,6 +874,8 @@ static BOOL encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -924,6 +960,8 @@ static BOOL encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_vlv_req_control *lvrc = talloc_get_type(in, struct ldb_vlv_req_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } @@ -998,6 +1036,8 @@ static BOOL encode_vlv_response(void *mem_ctx, void *in, DATA_BLOB *out) struct ldb_vlv_resp_control *lvrc = talloc_get_type(in, struct ldb_vlv_resp_control); struct asn1_data *data = asn1_init(mem_ctx); + if (!data) return False; + if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) { return False; } diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c index d02f6be9c7..81ce72bed9 100644 --- a/source4/libcli/util/asn1.c +++ b/source4/libcli/util/asn1.c @@ -24,7 +24,11 @@ /* allocate an asn1 structure */ struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx) { - return talloc_zero(NULL, struct asn1_data); + struct asn1_data *ret = talloc_zero(NULL, struct asn1_data); + if (ret == NULL) { + DEBUG(0,("asn1_init failed! out of memory\n")); + } + return ret; } /* free an asn1 structure */ |