From 917fcc03ee23429ba9fc878a71b652d98a04b1ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Mon, 27 Jul 2020 13:53:00 +0200
Subject: [PATCH] ITS#9279 Send Netscape expired control as a bare string
---
 libraries/libldap/ppolicy.c | 24 +++++++-----------------
 servers/slapd/overlays/ppolicy.c | 22 ++++------------------
 2 files changed, 11 insertions(+), 35 deletions(-)
diff --git a/libraries/libldap/ppolicy.c b/libraries/libldap/ppolicy.c
index 1ba2a8c43f..f8f468bec1 100644
--- a/libraries/libldap/ppolicy.c
+++ b/libraries/libldap/ppolicy.c
@@ -222,44 +222,34 @@ ldap_parse_password_expiring_control(
 LDAPControl *ctrl,
 long *secondsp )
 {
- BerElement *ber;
- struct berval time_string;
 long seconds = 0;
+ char buf[sizeof("-2147483648")];
 char *next;
 assert( ld != NULL );
 assert( LDAP_VALID( ld ) );
 assert( ctrl != NULL );
- if ( !ctrl->ldctl_value.bv_val ) {
+ if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ||
+ ctrl->ldctl_value.bv_len >= sizeof(buf) ) {
 ld->ld_errno = LDAP_DECODING_ERROR;
 return(ld->ld_errno);
 }
- /* Create a BerElement from the berval returned in the control. */
- ber = ber_init(&ctrl->ldctl_value);
+ memcpy( buf, ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len );
+ buf[ctrl->ldctl_value.bv_len] = '\0';
- if (ber == NULL) {
- ld->ld_errno = LDAP_NO_MEMORY;
- return(ld->ld_errno);
- }
-
- if ( ber_get_stringbv( ber, &time_string, 0 ) == LBER_ERROR ) goto exit;
-
- seconds = strtol( time_string.bv_val, &next, 10 );
- if ( next == time_string.bv_val || next[0] != '\0' ) goto exit;
+ seconds = strtol( buf, &next, 10 );
+ if ( next == buf || next[0] != '\0' ) goto exit;
 if ( secondsp != NULL ) {
 *secondsp = seconds;
 }
- ber_free(ber, 1);
-
 ld->ld_errno = LDAP_SUCCESS;
 return(ld->ld_errno);
 exit:
- ber_free(ber, 1);
 ld->ld_errno = LDAP_DECODING_ERROR;
 return(ld->ld_errno);
 }
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 9527d457f4..8af25eb547 100644
--- a/servers/slapd/overlays/ppolicy.c
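Review bot: The end-of-string test after strtol in ldap_parse_password_expiring_control, `next[0] != '\0'`, is satisfied by a NUL byte embedded anywhere inside the `bv_len` bytes copied into `buf`, so a control value made of digits, a NUL and trailing bytes is accepted as a valid expiry time. Since the value comes from the server, tie the check to the copied length instead: `if ( next == buf || next != buf + ctrl->ldctl_value.bv_len ) goto exit;`. On platforms where long is 32 bits an 11-character digit string can also overflow, so setting `errno = 0` before the call and treating `ERANGE` as a decoding error would make the result trustworthy (this needs errno in scope, which the hunk does not show). The function's opening lines are outside the hunk.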
+++ b/servers/slapd/overlays/ppolicy.c
@@ -738,24 +738,13 @@ fail:
 static LDAPControl *
 create_passexpiry( Operation *op, int expired, int warn )
 {
- BerElementBuffer berbuf;
- BerElement *ber = (BerElement *) &berbuf;
- LDAPControl c = { 0 }, *cp;
+ LDAPControl *cp;
 char buf[sizeof("-2147483648")];
 struct berval bv = { .bv_val = buf, .bv_len = sizeof(buf) };
- int rc;
-
- BER_BVZERO( &c.ldctl_value );
 bv.bv_len = snprintf( bv.bv_val, bv.bv_len, "%d", warn );
- ber_init2( ber, NULL, LBER_USE_DER );
- ber_printf( ber, "O", &bv );
-
- if (ber_flatten2( ber, &c.ldctl_value, 0 ) == -1) {
- return NULL;
- }
- cp = op->o_tmpalloc( sizeof( LDAPControl ) + c.ldctl_value.bv_len, op->o_tmpmemctx );
+ cp = op->o_tmpalloc( sizeof( LDAPControl ) + bv.bv_len, op->o_tmpmemctx );
 if ( expired ) {
 cp->ldctl_oid = (char *)ppolicy_pwd_expired_oid;
 } else {
@@ -763,11 +752,8 @@ create_passexpiry( Operation *op, int expired, int warn )
 }
 cp->ldctl_iscritical = 0;
 cp->ldctl_value.bv_val = (char *)&cp[1];
- cp->ldctl_value.bv_len = c.ldctl_value.bv_len;
- AC_MEMCPY( cp->ldctl_value.bv_val, c.ldctl_value.bv_val, c.ldctl_value.bv_len );
-fail:
- (void)ber_free_buf(ber);
-
+ cp->ldctl_value.bv_len = bv.bv_len;
+ AC_MEMCPY( cp->ldctl_value.bv_val, bv.bv_val, bv.bv_len );
 return cp;
 }
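Review bot: The snprintf return value in create_passexpiry is stored straight into `bv.bv_len`, which now sizes the `o_tmpalloc` request in this hunk and the `AC_MEMCPY` in the following one, with no check for a negative result or truncation. With `buf` sized for "-2147483648" and a `%d` of an int this cannot truncate where int is 32 bits, but a negative return assigned to the length field (an unsigned type in liblber, as far as I know) would become a very large size, so a guard makes the assumption explicit: `int len = snprintf( buf, sizeof(buf), "%d", warn );` followed by `if ( len < 0 || (size_t)len >= sizeof(buf) ) return NULL;` and then `bv.bv_len = len;`. The removed code could already return NULL when encoding failed, so callers presumably tolerate that, but this should be confirmed. The `o_tmpalloc` result is also dereferenced without a check, as it was before this change.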