From c2b134cc3b67d48961226cbfac6ea3a2fc7cc1a6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 1 Feb 2003 05:20:11 +0000
Subject: Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
---
 source3/lib/ldap_escape.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 source3/lib/ldap_escape.c
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
new file mode 100644
index 0000000000..9e88b4999c
--- /dev/null
+++ b/source3/lib/ldap_escape.c
@@ -0,0 +1,90 @@
+/*
+ Unix SMB/CIFS implementation.
+ ldap filter argument escaping
+
+ Copyright (C) 1998, 1999, 2000 Luke Howard ,
+ Copyright (C) 2003 Andrew Bartlett
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * Escape a parameter to an LDAP filter string, so they cannot contain
+ * embeded ( ) * or \ chars which may cause it not to parse correctly.
+ *
+ * @param s The input string
+ *
+ * @return A string allocated with malloc(), containing the escaped string,
+ * and to be free()ed by the caller.
+ **/
+
+char *escape_ldap_string_alloc(const char *s)
+{
+ size_t len = strlen(s)+1;
+ char *output = malloc(len);
+ char *output_tmp;
+ const char *sub;
+ int i = 0;
+ char *p = output;
+
+ while (*s)
+ {
+ switch (*s)
+ {
+ case '*':
+ sub = "\\2a";
+ break;
+ case '(':
+ sub = "\\28";
+ break;
+ case ')':
+ sub = "\\29";
+ break;
+ case '\\':
+ sub = "\\5c";
+ break;
+ default:
+ sub = NULL;
+ break;
+ }
+
+ if (sub) {
+ len = len + 3;
+ output_tmp = realloc(output, len);
+ if (!output_tmp) {
+ SAFE_FREE(output);
+ return NULL;
+ }
+ output = output_tmp;
+
+ p = &output[i];
+ strncpy (p, sub, 3);
+ p += 3;
+ i += 3;
+
+ } else {
+ *p = *s;
+ p++;
+ i++;
+ }
+ s++;
+ }
+
+ *p = '\0';
+ return output;
+}
-- cgit
From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001
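Review bot: The result of `malloc(len)` in escape_ldap_string_alloc() is used without a check: `char *p = output;` is followed by `*p = *s` in the loop and `*p = '\0'` at the end, so an allocation failure becomes a write through NULL, while the realloc path a few lines further down does handle failure. Add `if (output == NULL) { return NULL; }` before the `while`, and extend the `@return` text to say that NULL is returned on allocation failure, so callers know they must not build a filter from a missing value. `i` is declared `int` while `len` is `size_t`; declaring `i` as `size_t` keeps the write index and the buffer size in the same type.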
From: Jeremy Allison
Date: Tue, 7 Dec 2004 18:25:53 +0000
Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
---
 source3/lib/ldap_escape.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 9e88b4999c..6c4e8b8c83 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -36,7 +36,7 @@
 char *escape_ldap_string_alloc(const char *s)
 {
 size_t len = strlen(s)+1;
- char *output = malloc(len);
+ char *output = SMB_MALLOC(len);
 char *output_tmp;
 const char *sub;
 int i = 0;
@@ -65,7 +65,7 @@ char *escape_ldap_string_alloc(const char *s)
 
 if (sub) {
 len = len + 3;
- output_tmp = realloc(output, len);
+ output_tmp = SMB_REALLOC(output, len);
 if (!output_tmp) {
 SAFE_FREE(output);
 return NULL;
-- cgit
From 894358a8f3e338b339b6c37233edef794b312087 Mon Sep 17 00:00:00 2001
From: Jeremy Allison Date: Tue, 7 Mar 2006 06:31:04 +0000 Subject: r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarantee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarantees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). 
It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
---
 source3/lib/ldap_escape.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 6c4e8b8c83..3feb0e0c44 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -37,7 +37,6 @@ char *escape_ldap_string_alloc(const char *s)
 {
 size_t len = strlen(s)+1;
 char *output = SMB_MALLOC(len);
- char *output_tmp;
 const char *sub;
 int i = 0;
 char *p = output;
@@ -65,12 +64,10 @@ char *escape_ldap_string_alloc(const char *s)
 
 if (sub) {
 len = len + 3;
- output_tmp = SMB_REALLOC(output, len);
- if (!output_tmp) {
- SAFE_FREE(output);
+ output = SMB_REALLOC(output, len);
+ if (!output) {
 return NULL;
 }
- output = output_tmp;
 
 p = &output[i];
 strncpy (p, sub, 3);
-- cgit
From ab710c9e25c24cc69876279125297b7755304070 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Mon, 12 Jun 2006 12:45:06 +0000
Subject: r16153: Fix possible NULL dereference found by Klocwork # 252 (This used to be commit 128260527b90d77ca3dfc900e012018ef00ba9e0)
---
 source3/lib/ldap_escape.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 3feb0e0c44..fcb787e9e8 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -40,6 +40,10 @@ char *escape_ldap_string_alloc(const char *s)
 const char *sub;
 int i = 0;
 char *p = output;
+
+ if (output == NULL) {
+ return NULL;
+ }
 
 while (*s)
 {
-- cgit
From 1cf1e648feed823244731eef5f56bd34e15cb045 Mon Sep 17 00:00:00 2001
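Review bot: In the r13915 hunk at `@@ -65,12 +64,10 @@`, `output = SMB_REALLOC(output, len); if (!output) { return NULL; }` now reads exactly like the leaking idiom the commit message calls broken, and nothing at the call site says why it is safe here. A one-line comment such as `/* SMB_REALLOC frees the old block on failure; do not free output again */` would keep a later edit from going back to a temporary pointer plus `SAFE_FREE(output)`, which with SMB_REALLOC would release the block twice. The body of escape_ldap_string_alloc() starts and ends outside this hunk.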
From: Volker Lendecke
Date: Mon, 31 Jul 2006 04:30:55 +0000
Subject: r17334: Some C++ warnings (This used to be commit 8ae7ed1f3cecbb5285313d17b5f9511e2e622f0b)
---
 source3/lib/ldap_escape.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index fcb787e9e8..2623088434 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -36,7 +36,7 @@
 char *escape_ldap_string_alloc(const char *s)
 {
 size_t len = strlen(s)+1;
- char *output = SMB_MALLOC(len);
+ char *output = (char *)SMB_MALLOC(len);
 const char *sub;
 int i = 0;
 char *p = output;
@@ -68,7 +68,7 @@ char *escape_ldap_string_alloc(const char *s)
 
 if (sub) {
 len = len + 3;
- output = SMB_REALLOC(output, len);
+ output = (char *)SMB_REALLOC(output, len);
 if (!output) {
 return NULL;
 }
-- cgit
From e9e6af59510242fbc78fd2100026d8dc79f18773 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 1 Mar 2007 00:49:28 +0000
Subject: r21606: Implement escaping function for ldap RDN values Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
---
 source3/lib/ldap_escape.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 2623088434..8907399be4 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -89,3 +89,47 @@ char *escape_ldap_string_alloc(const char *s)
 *p = '\0';
 return output;
 }
+
+char *escape_rdn_val_string_alloc(const char *s)
+{
+ char *output, *p;
+
+ /* The maximum size of the escaped string can be twice the actual size */
+ output = (char *)SMB_MALLOC(2*strlen(s) + 1);
+
+ if (output == NULL) {
+ return NULL;
+ }
+
+ p = output;
+
+ while (*s)
+ {
+ switch (*s)
+ {
+ case ',':
+ case '=':
+ case '+':
+ case '<':
+ case '>':
+ case '#':
+ case ';':
+ case '\\':
+ case '\"':
+ *p++ = '\\';
+ *p++ = *s;
+ break;
+ default:
+ *p = *s;
+ p++;
+ }
+
+ s++;
+ }
+
+ *p = '\0';
+
+ /* resize the string to the actual final size */
+ output = (char *)SMB_REALLOC(output, strlen(output) + 1);
+ return output;
+}
-- cgit
From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Mon, 9 Jul 2007 19:25:36 +0000
Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
---
 source3/lib/ldap_escape.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 8907399be4..474f5419e8 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -8,7 +8,7 @@
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
 (at your option) any later version.
 
 This program is distributed in the hope that it will be useful,
-- cgit
From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001
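Review bot: escape_rdn_val_string_alloc() in the r21606 hunk does not escape a space at the start or at the end of the value, which RFC 4514 section 2.4 requires alongside the characters already listed in the `switch`; a value with a leading or trailing space would likely be altered or rejected once it is placed in a DN. The `2*strlen(s) + 1` allocation already covers this case, so a `case ' ':` arm that emits the backslash only when `p == output || s[1] == '\0'` is enough. The new function also has no header comment, unlike escape_ldap_string_alloc() above it: it should state that the argument is a single RDN value rather than a whole DN, that the caller frees the result, and that NULL is returned when either SMB_MALLOC or the final SMB_REALLOC fails.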
From: Andrew Tridgell
Date: Tue, 10 Jul 2007 00:52:41 +0000
Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
---
 source3/lib/ldap_escape.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'source3/lib/ldap_escape.c')
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 474f5419e8..d101bc5ecd 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -17,8 +17,7 @@
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see .
 */
 
 #include "includes.h"
-- cgit