ldap Sdiff usr/src/cmd/ldap/ns

Print this page

1668 CVE 2011-3508 (ldap format string issues)

   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.

  23  */
  24 
  25 
  26 #include <stdio.h>
  27 #include <stdlib.h>
  28 #include <libintl.h>
  29 #include <strings.h>
  30 #include <locale.h>
  31 #include <syslog.h>
  32 
  33 #include "standalone.h"
  34 
  35 extern char *set_filter(char **, char *, char **);
  36 extern char *set_filter_publickey(char **, char *, int, char **);
  37 extern void _printResult(ns_ldap_result_t *);
  38 extern void printMapping();
  39 
  40 int listflag = 0;
  41 
  42

 131  * an existing search filter. This routine expects userdata
 132  * contain a format string with a single %s in it, and will
 133  * use the format string with sprintf() to insert the SSD filter.
 134  *
 135  * This routine is passed to the __ns_ldap_list() or
 136  * __ns_ldap_firstEntry() APIs as the filter call back
 137  * together with the userdata. For example,
 138  * the "ldaplist hosts sys1" processing may call __ns_ldap_list()
 139  * with "(&(objectClass=ipHost)(cn=sys1))" as filter, this function
 140  * as the filter call back, and "(&(%s)(cn=sys1))" as the
 141  * userdata, this routine will in turn gets call to produce
 142  * "(&(department=sds)(cn=sys1))" as the real search
 143  * filter, if the input SSD contains a filter "department=sds".
 144  */
 145 static int
 146 merge_SSD_filter(const ns_ldap_search_desc_t *desc,
 147                         char **realfilter,
 148                         const void *userdata)
 149 {
 150         int     len;

 151 
 152         /* sanity check */
 153         if (realfilter == NULL)
 154                 return (NS_LDAP_INVALID_PARAM);
 155         *realfilter = NULL;
 156 
 157         if (desc == NULL || desc->filter == NULL ||
 158             userdata == NULL)
 159                 return (NS_LDAP_INVALID_PARAM);
 160 














 161         len = strlen(userdata) + strlen(desc->filter) + 1;
 162 
 163         *realfilter = (char *)malloc(len);
 164         if (*realfilter == NULL)
 165                 return (NS_LDAP_MEMORY);
 166 
 167         (void) sprintf(*realfilter, (char *)userdata,
 168             desc->filter);
 169 
 170         return (NS_LDAP_SUCCESS);
 171 }
 172 
 173 /* returns 0=success, 1=error */
 174 int
 175 list(char *database, char *ldapfilter, char **ldapattribute,
 176 char **err, char *userdata)
 177 {
 178         ns_ldap_result_t        *result;
 179         ns_ldap_error_t *errorp;
 180         int             rc;

   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  24  */
  25 
  26 
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29 #include <libintl.h>
  30 #include <strings.h>
  31 #include <locale.h>
  32 #include <syslog.h>
  33 
  34 #include "standalone.h"
  35 
  36 extern char *set_filter(char **, char *, char **);
  37 extern char *set_filter_publickey(char **, char *, int, char **);
  38 extern void _printResult(ns_ldap_result_t *);
  39 extern void printMapping();
  40 
  41 int listflag = 0;
  42 
  43

 132  * an existing search filter. This routine expects userdata
 133  * contain a format string with a single %s in it, and will
 134  * use the format string with sprintf() to insert the SSD filter.
 135  *
 136  * This routine is passed to the __ns_ldap_list() or
 137  * __ns_ldap_firstEntry() APIs as the filter call back
 138  * together with the userdata. For example,
 139  * the "ldaplist hosts sys1" processing may call __ns_ldap_list()
 140  * with "(&(objectClass=ipHost)(cn=sys1))" as filter, this function
 141  * as the filter call back, and "(&(%s)(cn=sys1))" as the
 142  * userdata, this routine will in turn gets call to produce
 143  * "(&(department=sds)(cn=sys1))" as the real search
 144  * filter, if the input SSD contains a filter "department=sds".
 145  */
 146 static int
 147 merge_SSD_filter(const ns_ldap_search_desc_t *desc,
 148                         char **realfilter,
 149                         const void *userdata)
 150 {
 151         int     len;
 152         char *checker;
 153 
 154         /* sanity check */
 155         if (realfilter == NULL)
 156                 return (NS_LDAP_INVALID_PARAM);
 157         *realfilter = NULL;
 158 
 159         if (desc == NULL || desc->filter == NULL ||
 160             userdata == NULL)
 161                 return (NS_LDAP_INVALID_PARAM);
 162 
 163         /* Parameter check.  We only want one %s here, otherwise bail. */
 164         len = 0;        /* Reuse 'len' as "Number of %s hits"... */
 165         checker = (char *)userdata;
 166         do {
 167                 checker = strchr(checker, '%');
 168                 if (checker != NULL) {
 169                         if (len > 0 || *(checker + 1) != 's')
 170                                 return (NS_LDAP_INVALID_PARAM);
 171                         len++;  /* Got our %s. */
 172                         checker += 2;
 173                 } else if (len != 1)
 174                         return (NS_LDAP_INVALID_PARAM);
 175         } while (checker != NULL);
 176 
 177         len = strlen(userdata) + strlen(desc->filter) + 1;
 178 
 179         *realfilter = (char *)malloc(len);
 180         if (*realfilter == NULL)
 181                 return (NS_LDAP_MEMORY);
 182 
 183         (void) sprintf(*realfilter, (char *)userdata,
 184             desc->filter);
 185 
 186         return (NS_LDAP_SUCCESS);
 187 }
 188 
 189 /* returns 0=success, 1=error */
 190 int
 191 list(char *database, char *ldapfilter, char **ldapattribute,
 192 char **err, char *userdata)
 193 {
 194         ns_ldap_result_t        *result;
 195         ns_ldap_error_t *errorp;
 196         int             rc;