Okay. Let's fix that. Let's also fix the extensible matching
problem (which is the only way the rule can be used with the
schema as defined on the Standard Track).
Kurt,
Hereby the fix for the extensible matching problem.
The patch, however, includes more. OpenLDAP with certificateExactMatch enabled will coredump when an incorrect search filter is specified.
Example:
usercertificate="56" or usercertificate=" $"
The server only coredumps when certificateExactMatch is activated in
the core.schema and the extensible matching rule is fixed.
The bug is in serial_and_issuer_parse where some things weren't checked.
I hope you approve of this patch.
Grtz,
Mark Ruijter
diff -urN openldap-2.1.9a/servers/slapd/schema_init.c openldap-2.1.9/servers/slapd/schema_init.c --- openldap-2.1.9a/servers/slapd/schema_init.c Tue Nov 26 19:26:19 2002 +++ openldap-2.1.9/servers/slapd/schema_init.c Mon Dec 16 23:08:17 2002 @@ -3731,15 +3731,21 @@ ; if ( p > end ) return LDAP_INVALID_SYNTAX; - /* p now points at the $ sign, now use begin and end to delimit the serial number */ while (ASCII_SPACE(*begin)) begin++; end = p-1; + + if ( end <= begin) + return LDAP_INVALID_SYNTAX; + while (ASCII_SPACE(*end)) end--; + if ( p == end ) + return LDAP_INVALID_SYNTAX; + bv.bv_len = end-begin+1; bv.bv_val = begin; ber_dupbv(serial, &bv); @@ -3796,9 +3802,10 @@ X509_free(xcert); - serial_and_issuer_parse(assertedValue, + ret = serial_and_issuer_parse(assertedValue, &asserted_serial, &asserted_issuer_dn); + if ( ret != LDAP_SUCCESS ) return(ret); ret = integerMatch( matchp, @@ -3925,12 +3932,13 @@ BerVarray *keysp ) { BerVarray keys; + int ret; struct berval asserted_serial; - serial_and_issuer_parse(assertedValue, + ret = serial_and_issuer_parse(assertedValue, &asserted_serial, NULL); - + if ( ret != LDAP_SUCCESS ) return(ret); keys = ch_malloc( sizeof( struct berval ) * 2 ); integerNormalize( syntax, &asserted_serial, &keys[0] ); keys[1].bv_val = NULL; @@ -4408,9 +4416,10 @@ * Chadwick in private mail. */ {"( 1.2.826.0.1.3344810.7.1 DESC 'Serial Number and Issuer' )", - 0, NULL, NULL, NULL}, + SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL}, #endif + /* OpenLDAP Experimental Syntaxes */ #ifdef SLAPD_ACI_ENABLED {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )", @@ -4433,7 +4442,7 @@ #ifdef HAVE_TLS char *certificateExactMatchSyntaxes[] = { - "1.3.6.1.4.1.1466.115.121.1.8" /* certificate */, + "1.3.6.1.4.1.1466.115.121.1.8" /* certificate */, NULL }; #endif
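Review bot: In the first hunk (serial_and_issuer_parse), the new `if ( end <= begin) return LDAP_INVALID_SYNTAX;` also rejects a valid one-digit serial: for `"5$..."` begin points at `5`, p at `$`, and `end = p-1` equals begin, so bv_len would be 1 but the check fails it. `if ( end < begin )` is enough to catch the empty case. The second new check `if ( p == end )` after the trailing-whitespace loop can never fire, since end starts at `p-1` and only moves backwards, and the loop itself cannot run below begin because begin was already advanced past leading spaces; that check can be dropped, or replaced by whatever condition it was meant to express. Dropping the comment `/* p now points at the $ sign, now use begin and end to delimit the serial number */` removes the only explanation of the pointer layout here; keep it.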
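Review bot: In the third hunk (the indexer/filter taking `BerVarray *keysp`), the early `return(ret)` leaves `*keysp` untouched, so a caller that checks `*keysp` rather than the return code would read whatever it held before; setting `*keysp = NULL` before returning would be the safe choice, unless all callers are known to test the return value first.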
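Review bot: The fourth hunk changes the 'Serial Number and Issuer' syntax entry from `0, NULL, NULL, NULL` to `SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL, NULL` without any explanation in the covering mail. The example filters in the mail (`usercertificate="56"`, `usercertificate=" $"`) and serial_and_issuer_parse itself treat the assertion value as text of the form `serial $ issuer`, not BER, so marking the syntax BINARY|BER and validating it with berValidate looks inconsistent with the parser; please document why this is needed, or leave the flags as they were.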
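Review bot: The last hunk adds the missing `NULL` terminator to `certificateExactMatchSyntaxes[]`, which is presumably the actual extensible-matching fix, since code walking that array to a NULL entry would otherwise read past its end. The covering mail only says "the fix for the extensible matching problem"; a sentence stating that the array was unterminated would make the change self-explanatory to whoever reads the log later.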