[Fedora-directory-commits] ldapserver/ldap/servers/slapd filtercmp.c, 1.4, 1.5

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Aug 30 21:21:22 UTC 2005


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15834

Modified Files:
	filtercmp.c 
Log Message:
Bug(s) fixed: 165641
Bug Description: ./ns-slapd crashes on bind containing invalid dn and password
Reviewed by: Noriko (Thanks!)
Branch: HEAD
Fix Description: It's really crashing on the search request.  The problem is that the server assumes all strings are encoded in utf8 format, since that is the only encoding allowed by the LDAP standards.  Non-utf8 works in most places except the function slapi_utf8StrToLower(), which returns NULL given a string of non-utf8 bytes.  The fix for this particular problem is to check for a NULL return value and handle accordingly.
The real solution to this problem would be for the server to check for valid utf8 strings in _all_ LDAP data, according to the syntax of the attribute (e.g. for binary or octet string syntax data, and other binary formats, all bets are off, but then we shouldn't be doing strtolower on these blobs either).
And, while we're at it, add data validation based on syntax for _all_ attributes e.g. in a pre-op.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: filtercmp.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/filtercmp.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- filtercmp.c	19 Apr 2005 22:07:36 -0000	1.4
+++ filtercmp.c	30 Aug 2005 21:21:19 -0000	1.5
@@ -64,7 +64,8 @@
     unsigned char *normstr;
 
     normstr = slapi_utf8StrToLower((unsigned char *)data);
-    hash = addhash(hash, normstr, strlen((char *)normstr));
+    hash = addhash(hash, normstr,
+                   normstr ? strlen((char *)normstr) : 0);
     if ((char *)normstr != data)
 	slapi_ch_free((void **)&normstr);
     return hash;




More information about the Fedora-directory-commits mailing list