File NUL-bytes-in-postalAddress-ITS-6379.dif of Package openldap2
From e05815eb5cfe9dabe1eb2cece3b68b4b16d3efe6 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de>
Date: Tue, 8 Jun 2010 14:24:44 +0200
Subject: NUL bytes in postalAddress (ITS#6379)
postalAddressNormalize uses lutil_strncat() to copy bervals. If bervals
contain embedded '\0', the resulting string will be incorrect, and shorter
than expected, triggering an assertion failure. Searches with filter
"(postalAddress=\00)" trigger the assertion.
bnc#555725
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/include/lutil.h b/include/lutil.h
index b20be1d..75a2612 100644
--- a/include/lutil.h
+++ b/include/lutil.h
@@ -195,6 +195,9 @@ lutil_strcopy LDAP_P(( char *dst, const char *src ));
LDAP_LUTIL_F( char* )
lutil_strncopy LDAP_P(( char *dst, const char *src, size_t n ));
+LDAP_LUTIL_F( char* )
+lutil_memcopy LDAP_P(( char *dst, const char *src, size_t n ));
+
struct tm;
/* use this macro to statically allocate buffer for lutil_gentime */
diff --git a/libraries/liblutil/utils.c b/libraries/liblutil/utils.c
index 8a199f8..636a8f0 100644
--- a/libraries/liblutil/utils.c
+++ b/libraries/liblutil/utils.c
@@ -437,6 +437,21 @@ lutil_strncopy(
while ((*a++ = *b++) && n-- > 0) ;
return a-1;
+}
+
+/* memcopy is like memcpy except it returns a pointer to the byte past
+ * the end of the result buffer, set to NULL. This allows fast construction
+ * of catenated buffers. Provided for API consistency with lutil_str*copy().
+ */
+char *
+lutil_memcopy(
+ char *a,
+ const char *b,
+ size_t n
+)
+{
+ AC_MEMCPY(a, b, n);
+ return a + n;
}
#ifndef HAVE_MKSTEMP
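Review bot: The comment added above lutil_memcopy says the byte past the end is "set to NULL", but the body only does `AC_MEMCPY(a, b, n); return a + n;`, so nothing is written at the returned position and no terminator exists until the caller adds one. I would reword it to `/* like memcpy, but returns dst + n (one past the last byte copied); writes no terminator */` and add that dst must have room for n bytes, since the function does no bounds check. The same contract applies to the prototype added in include/lutil.h. The hunk opens inside lutil_strncopy, whose body starts outside it.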
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 2d8e75c..eb394e8 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -2080,8 +2080,7 @@ postalAddressNormalize(
p = normalized->bv_val;
for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) {
- p = lutil_strncopy( p, nlines[l].bv_val, nlines[l].bv_len );
-
+ p = lutil_memcopy( p, nlines[l].bv_val, nlines[l].bv_len );
*p++ = '$';
}
*--p = '\0';
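Review bot: Nothing at the `lutil_memcopy` call records why a length-based copy is required, so a later cleanup could switch back to a str* helper and reintroduce the truncation; a one-line comment such as `/* bervals may contain embedded NULs: copy by bv_len, not up to '\0' */` above the call would pin it. The copy now writes exactly `nlines[l].bv_len` bytes per line, so its safety rests on the allocation of `normalized->bv_val`, which is outside this hunk and presumably sized from the same lengths plus separators; that is worth confirming. The diffstat lists three files and none of the sections shown is a test, so a regression case for the filter named in the description would keep this from returning. postalAddressNormalize begins and ends outside the hunk.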
--
1.7.0.3