[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication cl5_api.c, 1.9, 1.10 repl.h, 1.5, 1.6 repl5_inc_protocol.c, 1.8, 1.9 repl5_replica.c, 1.12, 1.13 repl5_tot_protocol.c, 1.7, 1.8 windows_connection.c, 1.13, 1.14 windows_inc_protocol.c, 1.11, 1.12 windows_private.c, 1.10, 1.11 windows_protocol_util.c, 1.25, 1.26

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Apr 11 02:14:45 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/servers/plugins/replication

Modified Files:
	cl5_api.c repl.h repl5_inc_protocol.c repl5_replica.c 
	repl5_tot_protocol.c windows_connection.c 
	windows_inc_protocol.c windows_private.c 
	windows_protocol_util.c 
Log Message:
Bug(s) fixed: 186280
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan, Noriko, and Pete (Thanks!)
Fix Description: Clean up usage of sprintf, strcpy, fgets instead of
gets, fixed buffer usage, etc., mostly in the CGI code and other user
facing code (i.e. setup).  Also, Steve Grubb told me about a GCC trick
to force it to check printf style varargs functions, to check the format
string against the argument string, for type mismatches, missing
arguments, and too many arguments.
In the CGI form argument parsing code, we needed to be more careful
about checking for bad input - good input is supposed to look like this:
name=value&name=value&.....
&name=value.  I don't think the original code
was checking properly for something like name&name=value.
There was another place where we were not checking to see if a buffer
had enough room before appending a string to it.
I had to change a couple of functions to allow passing in the size of
the buffer.
Fixed some issues raised by Noriko and Nathan.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: cl5_api.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_api.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- cl5_api.c	19 Apr 2005 22:07:32 -0000	1.9
+++ cl5_api.c	11 Apr 2006 02:14:42 -0000	1.10
@@ -51,6 +51,7 @@
 
 #include "cl5_api.h"
 #include "plhash.h" 
+#include "plstr.h"
 
 #include "db.h"
 #include "cl5_clcache.h" /* To use the Changelog Cache */
@@ -2124,7 +2125,7 @@
     }
 
 	/* directory does not exist - try to create */
-	strncpy (buff, dirName, MAXPATHLEN);
+	PL_strncpyz (buff, dirName, sizeof(buff)-1);
 	t = strchr (buff, '/'); 
 
 	/* skip first slash */
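Review bot: The bounded copy `PL_strncpyz (buff, dirName, sizeof(buff)-1);` now always terminates `buff`, but a `dirName` that does not fit is truncated silently, and the directory-creation code that follows would then work on a shortened path. A length check before the copy, e.g. `if (strlen(dirName) >= sizeof(buff) - 1) { /* log and return an error */ }`, would reject that case; which error code and log call to use is not visible in this hunk. `PL_strncpyz` takes the full destination size and reserves room for the terminator itself, so `sizeof(buff)` would be enough, and `sizeof(buff)` is only the right bound if `buff` is declared as an array, which the hunk does not show. The enclosing function starts and ends outside the hunk.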


Index: repl.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- repl.h	19 Apr 2005 22:07:32 -0000	1.5
+++ repl.h	11 Apr 2006 02:14:42 -0000	1.6
@@ -61,10 +61,9 @@
 } schedule_item;
 
 /* XXXggood - copied from slap.h - bad */
-#if defined( XP_WIN32 )
+/* XXXrichm - copied to match definition in slap.h - 20060406 */
+#ifndef NO_TIME
 #define NO_TIME (time_t)0 /* cannot be -1, NT's localtime( -1 ) returns NULL */
-#else
-#define NO_TIME (time_t)-1 /* a value that time() does not return */
 #endif
 
 /*
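Review bot: On non-Windows builds this changes the `NO_TIME` sentinel from `(time_t)-1` to `(time_t)0`, while the comment kept on the `#define` still explains only the NT case. Zero is also a value a real timestamp can take (the epoch), so any code in this plugin that compares a stored time against `NO_TIME`, none of which is visible here, should be checked for that collision. Because of the `#ifndef` guard an earlier definition silently wins, so the comment should say which header is authoritative, for example `/* must equal NO_TIME in slap.h; 0 on every platform, so "unset" and the epoch are indistinguishable */`.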


Index: repl5_inc_protocol.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_inc_protocol.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- repl5_inc_protocol.c	4 May 2005 23:58:51 -0000	1.8
+++ repl5_inc_protocol.c	11 Apr 2006 02:14:42 -0000	1.9
@@ -242,6 +242,7 @@
 	return conres;
 }
 
+#if NEEDED_FOR_DEBUGGING
 static void 
 repl5_inc_log_operation_failure(int operation_code, int ldap_error, char* ldap_error_string, const char *agreement_name)
 {
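Review bot: `#if NEEDED_FOR_DEBUGGING` relies on an undefined macro evaluating to 0, which works but warns under `-Wundef` and gives no hint of where the macro is meant to be set. `#ifdef NEEDED_FOR_DEBUGGING` with a short comment such as `/* not compiled in normal builds; define NEEDED_FOR_DEBUGGING to get the failure logger */`, and a matching `#endif /* NEEDED_FOR_DEBUGGING */` in the next hunk, would make the intent clear. The function body runs on into the following hunk.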
@@ -253,12 +254,12 @@
 		ldap_error, ldap_error_string ? ldap_error_string : "NULL",
 		op_string ? op_string : "NULL");
 }
+#endif
 
 /* Thread that collects results from async operations sent to the consumer */
 static void repl5_inc_result_threadmain(void *param) 
 {
 	result_data *rd = (result_data*) param;
-	int res = 0;
 	ConnResult conres = 0;
 	Repl_Connection *conn = rd->prp->conn;
 	int finished = 0;
@@ -384,7 +385,6 @@
 static void 
 repl5_inc_rd_list_destroy(repl5_inc_operation *op)
 {
-	repl5_inc_operation *cur = op;
 	while (op) {
 		repl5_inc_operation *next = op->next;
 		repl5_inc_op_free(op);
@@ -689,7 +689,7 @@
 	    /* just ignore it and go to sleep */
 	    protocol_sleep(prp, PR_INTERVAL_NO_TIMEOUT);
 	  }
-	else if (e1 = event_occurred(prp, EVENT_WINDOW_CLOSED) ||
+	else if ((e1 = event_occurred(prp, EVENT_WINDOW_CLOSED)) ||
 		 event_occurred(prp, EVENT_BACKOFF_EXPIRED))
 	  {
 	    /* this events - should not occur - log a warning and go to sleep */
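Review bot: The added parentheses in `(e1 = event_occurred(prp, EVENT_WINDOW_CLOSED)) ||` change what `e1` holds: it used to receive the result of the whole `||` expression and now receives only the first call's result. Whatever reads `e1` inside this branch, which is outside the hunk, should be checked to confirm it expects "the window event occurred" rather than "either event occurred". A comment such as `/* e1 reflects the window event only; a backoff-expired event alone leaves it 0 */` would record that. The same applies to the hunks at -748 and -849 in this file and to the three matching hunks in windows_inc_protocol.c.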
@@ -748,7 +748,7 @@
 	    next_state = STATE_READY_TO_ACQUIRE;
 	    wait_change_timer_set = 0;
 	  }
-	else if (e1 = event_occurred(prp, EVENT_WINDOW_OPENED) ||
+	else if ((e1 = event_occurred(prp, EVENT_WINDOW_OPENED)) ||
 		 event_occurred(prp, EVENT_BACKOFF_EXPIRED))
 	  {
 	    /* this events - should not occur - log a warning and clear the event */
@@ -849,7 +849,7 @@
 	  {
 	    /* consume and ignore */
 	  }
-	else if (e1 = event_occurred (prp, EVENT_WINDOW_OPENED) || 
+	else if ((e1 = event_occurred (prp, EVENT_WINDOW_OPENED)) || 
 		 event_occurred (prp, EVENT_BACKOFF_EXPIRED))
 	  {
 	    /* This should never happen */


Index: repl5_replica.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_replica.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- repl5_replica.c	15 Feb 2006 22:54:07 -0000	1.12
+++ repl5_replica.c	11 Apr 2006 02:14:43 -0000	1.13
@@ -1539,7 +1539,7 @@
     PR_ASSERT (r);
 
     if (r->repl_root == NULL || r->repl_type == 0 || r->repl_rid == 0 ||
-        r->repl_rid > MAX_REPLICA_ID || r->repl_csngen == NULL || r->repl_name == NULL)
+        r->repl_csngen == NULL || r->repl_name == NULL)
 	{
         return -1;    
 	}
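Review bot: The upper-bound test `r->repl_rid > MAX_REPLICA_ID` is removed from this validity check with no explanation in the log message, so a replica ID above the maximum is no longer rejected here. If the test was dropped because the type of `repl_rid` cannot hold a value above `MAX_REPLICA_ID` (its declaration is not in this hunk), record that next to the condition, e.g. `/* repl_rid > MAX_REPLICA_ID cannot be true for its type - see the field declaration */`. If the type is wider than that, the bound should stay. The enclosing function starts and ends outside the hunk.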


Index: repl5_tot_protocol.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_tot_protocol.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- repl5_tot_protocol.c	19 Apr 2005 22:07:32 -0000	1.7
+++ repl5_tot_protocol.c	11 Apr 2006 02:14:43 -0000	1.8
@@ -125,7 +125,6 @@
 static void repl5_tot_result_threadmain(void *param) 
 {
 	callback_data *cb = (callback_data*) param;
-	int res = 0;
 	ConnResult conres = 0;
 	Repl_Connection *conn = cb->prp->conn;
 	int finished = 0;


Index: windows_connection.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_connection.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- windows_connection.c	20 Feb 2006 19:36:24 -0000	1.13
+++ windows_connection.c	11 Apr 2006 02:14:43 -0000	1.14
@@ -665,8 +665,6 @@
 
 	const char* old_dn = NULL;
 	char* dn = NULL;
-	int i=0;
-	int num_comp=0;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> send_dirsync_search\n", 0, 0, 0 );
 	
@@ -810,13 +808,10 @@
 Slapi_Entry * windows_conn_get_search_result(Repl_Connection *conn)
 {
 	int rc=0;
-	int matches=0;
 	LDAPMessage *res = NULL;
 	Slapi_Entry *e = NULL;
 	LDAPMessage *lm = NULL;
-	char *a = "";
 	char *dn = "";
-	BerElement  *ber = NULL;
 	
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_conn_get_search_result\n", 0, 0, 0 );
 


Index: windows_inc_protocol.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_inc_protocol.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- windows_inc_protocol.c	6 May 2005 03:33:36 -0000	1.11
+++ windows_inc_protocol.c	11 Apr 2006 02:14:43 -0000	1.12
@@ -386,7 +386,7 @@
 					/* just ignore it and go to sleep */
 					protocol_sleep(prp, PR_INTERVAL_NO_TIMEOUT);
 				  }
-				else if (e1 = event_occurred(prp, EVENT_WINDOW_CLOSED) ||
+				else if ((e1 = event_occurred(prp, EVENT_WINDOW_CLOSED)) ||
 					 event_occurred(prp, EVENT_BACKOFF_EXPIRED))
 				  {
 					/* this events - should not occur - log a warning and go to sleep */
@@ -458,7 +458,7 @@
 					next_state = STATE_READY_TO_ACQUIRE;
 					wait_change_timer_set = 0;
 				  }
-				else if (e1 = event_occurred(prp, EVENT_WINDOW_OPENED) ||
+				else if ((e1 = event_occurred(prp, EVENT_WINDOW_OPENED)) ||
 					 event_occurred(prp, EVENT_BACKOFF_EXPIRED))
 				  {
 					/* this events - should not occur - log a warning and clear the event */
@@ -570,7 +570,7 @@
 				  {
 					/* consume and ignore */
 				  }
-				else if (e1 = event_occurred (prp, EVENT_WINDOW_OPENED) || 
+				else if ((e1 = event_occurred (prp, EVENT_WINDOW_OPENED)) || 
 					 event_occurred (prp, EVENT_BACKOFF_EXPIRED))
 				  {
 					/* This should never happen */


Index: windows_private.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_private.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- windows_private.c	16 May 2005 22:26:25 -0000	1.10
+++ windows_private.c	11 Apr 2006 02:14:43 -0000	1.11
@@ -423,7 +423,6 @@
 {
 
 	LDAPControl *control = NULL;
-	LDAPControl **lc = &control ;
 	BerElement *ber;
 	Dirsync_Private *dp;
 
@@ -498,7 +497,7 @@
 			goto choke;
 		}
 
-		slapi_ch_free(&dp->dirsync_cookie);
+		slapi_ch_free_string(&dp->dirsync_cookie);
 		dp->dirsync_cookie = ( char* ) slapi_ch_malloc(serverCookie->bv_len + 1);
 
 		memcpy(dp->dirsync_cookie, serverCookie->bv_val, serverCookie->bv_len);
@@ -548,7 +547,7 @@
 	PR_ASSERT (dp);
 
 	dp->dirsync_cookie_len = 0;
-	slapi_ch_free(&dp->dirsync_cookie);
+	slapi_ch_free_string(&dp->dirsync_cookie);
 	dp->dirsync_cookie = NULL;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "<= windows_private_null_dirsync_control\n", 0, 0, 0 );
@@ -630,7 +629,6 @@
 	Slapi_DN* sdn = NULL;
 	int rc = 0;
 	Slapi_Entry *entry = NULL;
-	char* cookie = NULL;
 	Slapi_Attr *attr = NULL;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_private_load_dirsync_cookie\n", 0, 0, 0 );
@@ -658,7 +656,7 @@
 			if (vals)
 			{
 				dp->dirsync_cookie_len = (int)  (vals[0])->bv_len;
-				slapi_ch_free(&dp->dirsync_cookie);
+				slapi_ch_free_string(&dp->dirsync_cookie);
 
 				dp->dirsync_cookie = ( char* ) slapi_ch_malloc(dp->dirsync_cookie_len + 1);
 				memcpy(dp->dirsync_cookie,(vals[0]->bv_val), (vals[0])->bv_len+1);
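Review bot: The context line `memcpy(dp->dirsync_cookie,(vals[0]->bv_val), (vals[0])->bv_len+1);` reads `bv_len+1` bytes from the berval, one more than its stated length, so it depends on `bv_val` carrying a trailing byte that nothing in this hunk guarantees. The earlier hunk in this file that stores the server cookie copies exactly `bv_len`; doing the same here and terminating explicitly avoids the over-read: `memcpy(dp->dirsync_cookie, vals[0]->bv_val, vals[0]->bv_len);` followed by `dp->dirsync_cookie[vals[0]->bv_len] = '\0';`. The allocation is also sized from the `(int)`-narrowed `dirsync_cookie_len` while the copy uses the unnarrowed `bv_len`, so both should be driven by the same value. The function continues outside the hunk.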


Index: windows_protocol_util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- windows_protocol_util.c	20 Mar 2006 17:47:16 -0000	1.25
+++ windows_protocol_util.c	11 Apr 2006 02:14:43 -0000	1.26
@@ -64,12 +64,12 @@
 static int windows_create_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *original_entry, Slapi_DN *remote_sdn, Slapi_Entry **remote_entry, char** password);
 static int windows_get_local_entry(const Slapi_DN* local_dn,Slapi_Entry **local_entry);
 static int windows_get_local_entry_by_uniqueid(Private_Repl_Protocol *prp,const char* uniqueid,Slapi_Entry **local_entry);
-static int map_entry_dn_outbound(Slapi_Entry *e, const Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int want_guid);
+static int map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int want_guid);
 static char* extract_ntuserdomainid_from_entry(Slapi_Entry *e);
 static int windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,Slapi_Entry **remote_entry);
 static const char* op2string (int op);
 static int is_subject_of_agreemeent_remote(Slapi_Entry *e, const Repl_Agmt *ra);
-static int map_entry_dn_inbound(Slapi_Entry *e, const Slapi_DN **dn, const Repl_Agmt *ra);
+static int map_entry_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra);
 static int windows_update_remote_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,Slapi_Entry *local_entry);
 
 
@@ -678,12 +678,6 @@
 void
 windows_release_replica(Private_Repl_Protocol *prp)
 {
-
-  struct berval *retdata = NULL;
-  char *retoid = NULL;
-  struct berval *payload = NULL;
-  Slapi_DN *replarea_sdn = NULL;
-
   LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_release_replica\n", 0, 0, 0 );
 
   PR_ASSERT(NULL != prp);
@@ -1248,14 +1242,12 @@
 	int retval = 0;
 	char *entry_string = NULL;
 	Slapi_Entry *new_entry = NULL;
-	Slapi_PBlock* pb = NULL;
 	int rc = 0;
 	int is_user = 0; 
 	int is_group = 0;
 	Slapi_Attr *attr = NULL;
 	char *username = NULL;
 	const char *dn_string = NULL;
-	char *remote_entry_template = NULL;
 	char *fqusername = NULL;
 	const char *domain_name = windows_private_get_windows_domain(prp->agmt); 
 	int is_nt4 = windows_private_get_isnt4(prp->agmt);
@@ -1309,7 +1301,6 @@
     for (rc = slapi_entry_first_attr(original_entry, &attr); rc == 0;
 			rc = slapi_entry_next_attr(original_entry, attr, &attr)) 
 	{
-		Slapi_Value	*value = NULL;
 		char *type = NULL;
 		Slapi_ValueSet *vs = NULL;
 		int mapdn = 0;
@@ -1449,7 +1440,6 @@
 	Slapi_Mods smods = {0};
 	Slapi_Mods mapped_smods = {0};
 	LDAPMod *mod = NULL;
-	int i=0; 
 	int is_nt4 = windows_private_get_isnt4(prp->agmt);
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_map_mods_for_replay\n", 0, 0, 0 );
@@ -1944,7 +1934,7 @@
 
 /* Given a non-tombstone entry, return the DN of its peer in AD (whether present or not) */
 static int 
-map_entry_dn_outbound(Slapi_Entry *e, const Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int guid_form)
+map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int guid_form)
 {
 	int retval = 0;
 	char *guid = NULL;
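Review bot: Dropping `const` from the `Slapi_DN **dn` out-parameter tells callers the returned DN is theirs to modify or free, but the comment above `map_entry_dn_outbound` does not say who owns `*dn` or what it holds when the function fails. A line such as `/* on success *dn is handed to the caller, who must free it; value on failure: TODO confirm */` would settle that, and the same goes for `map_tombstone_dn_inbound` and `map_entry_dn_inbound` in the later hunks. The prototype in the first hunk of this file names the last parameter `want_guid` while this definition uses `guid_form`; one name in both places would read better. The function body continues outside the hunk.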
@@ -2048,7 +2038,7 @@
 
 /* Given a tombstone entry, return the DN of its peer in this server (if present) */
 static int 
-map_tombstone_dn_inbound(Slapi_Entry *e, const Slapi_DN **dn, const Repl_Agmt *ra)
+map_tombstone_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra)
 {
 	int retval = 0;
 	Slapi_DN *new_dn = NULL;
@@ -2106,7 +2096,7 @@
 
 /* Given a non-tombstone entry, return the DN of its peer in this server (whether present or not) */
 static int 
-map_entry_dn_inbound(Slapi_Entry *e, const Slapi_DN **dn, const Repl_Agmt *ra)
+map_entry_dn_inbound(Slapi_Entry *e, Slapi_DN **dn, const Repl_Agmt *ra)
 {
 	int retval = 0;
 	Slapi_DN *new_dn = NULL;
@@ -2366,7 +2356,6 @@
     for (rc = slapi_entry_first_attr(remote_entry, &attr); rc == 0;
 			rc = slapi_entry_next_attr(remote_entry, attr, &attr)) 
 	{
-		Slapi_Value	*value = NULL;
 		char *type = NULL;
 		Slapi_ValueSet *vs = NULL;
 		int mapdn = 0;
@@ -2517,7 +2506,6 @@
 			rc = slapi_entry_next_attr(remote_entry, attr, &attr)) 
 	{
 		int is_present_local = 0;
-		Slapi_Value	*value = NULL;
 		char *type = NULL;
 		Slapi_ValueSet *vs = NULL;
 		char *local_type = NULL;
@@ -2723,7 +2711,6 @@
 {
     Slapi_Mods smods = {0};
 	int retval = 0;
-	int rc = 0;
 	Slapi_PBlock *pb = NULL;
 	int do_modify = 0;
 



