Add check for LDAP filter overflow, and exit cleanly.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913958 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 2de813f..6d62d9d 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -206,7 +206,7 @@
* search filter will be (&(posixid=*)(uid=userj)).
*/
#define FILTER_LENGTH MAX_STRING_LEN
-static apr_status_t authn_ldap_build_filter(char *filtbuf,
+static apr_status_t authn_ldap_build_filter(char filtbuf[FILTER_LENGTH],
request_rec *r,
const char *user,
const char *filter,
@@ -219,6 +219,7 @@
apr_size_t outbytes;
char *outbuf;
int nofilter = 0, len;
+ apr_status_t rv = APR_SUCCESS;
if (!filter) {
filter = sec->filter;
@@ -244,7 +245,7 @@
* config-supplied portions.
*/
- if ((nofilter = (filter && !strcasecmp(filter, "none")))) {
+ if ((nofilter = (!filter || !*filter || !strcasecmp(filter, "none")))) {
len = apr_snprintf(filtbuf, FILTER_LENGTH, "(%s=", sec->attribute);
}
else {
@@ -256,12 +257,13 @@
* LDAP filter metachars are escaped.
*/
filtbuf_end = filtbuf + FILTER_LENGTH - 1;
-#if APR_HAS_MICROSOFT_LDAPSDK
- for (p = user, q=filtbuf + len;
- *p && q < filtbuf_end; ) {
+ for (p = user, q = filtbuf + len; *p; ) {
if (strchr("*()\\", *p) != NULL) {
- if ( q + 3 >= filtbuf_end)
- break; /* Don't write part of escape sequence if we can't write all of it */
+#if APR_HAS_MICROSOFT_LDAPSDK
+ if (q + 3 >= filtbuf_end) { /* accounts for final \0 */
+ rv = APR_EGENERAL;
+ goto out;
+ }
*q++ = '\\';
switch ( *p++ )
{
@@ -281,23 +283,24 @@
*q++ = '5';
*q++ = 'c';
break;
- }
- }
- else
- *q++ = *p++;
- }
-#else
- for (p = user, q=filtbuf + len;
- *p && q < filtbuf_end; *q++ = *p++) {
- if (strchr("*()\\", *p) != NULL) {
- *q++ = '\\';
- if (q >= filtbuf_end) {
- break;
}
+#else
+ if (q + 2 >= filtbuf_end) { /* accounts for final \0 */
+ rv = APR_EGENERAL;
+ goto out;
+ }
+ *q++ = '\\';
+ *q++ = *p++;
+#endif
+ }
+ else {
+ if (q + 1 >= filtbuf_end) { /* accounts for final \0 */
+ rv = APR_EGENERAL;
+ goto out;
+ }
+ *q++ = *p++;
}
}
-#endif
- *q = '\0';
/*
* Append the closing parens of the filter, unless doing so would
@@ -305,23 +308,24 @@
*/
if (nofilter) {
- if (q + 1 <= filtbuf_end) {
- strcat(filtbuf, ")");
+ if (q + 1 >= filtbuf_end) { /* accounts for final \0 */
+ rv = APR_EGENERAL;
+ goto out;
}
- else {
- return APR_EGENERAL;
- }
+ *q++ = ')';
}
else {
- if (q + 2 <= filtbuf_end) {
- strcat(filtbuf, "))");
+ if (q + 2 >= filtbuf_end) { /* accounts for final \0 */
+ rv = APR_EGENERAL;
+ goto out;
}
- else {
- return APR_EGENERAL;
- }
+ *q++ = ')';
+ *q++ = ')';
}
- return APR_SUCCESS;
+out:
+ *q = '\0';
+ return rv;
}
static void *create_authnz_ldap_dir_config(apr_pool_t *p, char *d)
