author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2011-01-08 19:42:46 +0000 |
---|---|---|
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2011-01-08 19:42:46 +0000 |
commit | 02ebbcaee9974aebb49ff948f872850df578ea48 (patch) | |
tree | 935dd501a75d24d71273d4a9fd325a5c1db6cce6 /usr.sbin/ldapd | |
parent | 522294a669cc781ace3d79551f7f4644446ec967 (diff) |
Change detection of indefinite BER lengths (which is not allowed). Only a
length byte of 0x80 is now treated as meaning indefinite. This fixes empty
sets sent by the winldap api. Makes authentication through pGina work.
with william@
Diffstat (limited to 'usr.sbin/ldapd')
-rw-r--r-- | usr.sbin/ldapd/ber.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr.sbin/ldapd/ber.c b/usr.sbin/ldapd/ber.c index a56b809049a..91f2596c6a8 100644 --- a/usr.sbin/ldapd/ber.c +++ b/usr.sbin/ldapd/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.5 2010/10/19 09:20:48 martinh Exp $ */ +/* $OpenBSD: ber.c,v 1.6 2011/01/08 19:42:45 martinh Exp $ */ /* * Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net> @@ -1016,6 +1016,12 @@ get_len(struct ber *b, ssize_t *len) return 1; } + if (u == 0x80) { + /* Indefinite length not supported. */ + errno = EINVAL; + return -1; + } + n = u & ~BER_TAG_MORE; if (sizeof(ssize_t) < n) { errno = ERANGE; @@ -1035,12 +1041,6 @@ get_len(struct ber *b, ssize_t *len) return -1; } - if (s == 0) { - /* invalid encoding */ - errno = EINVAL; - return -1; - } - *len = s; return r; } |
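Review bot: The new check in the second hunk (@@ -1016,6 +1016,12 @@) compares against the bare literal 0x80 in `if (u == 0x80)`, while the very next statement masks the same byte with `~BER_TAG_MORE`. If BER_TAG_MORE is that same bit, writing the test in terms of the named constant (or a dedicated constant for the indefinite-length octet) would keep the test and the mask from drifting apart. The added comment says "not supported" where the commit message says "not allowed"; use whichever matches the intent, since one reads as a missing feature and the other as a protocol violation.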
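Review bot: Missing documentation in the last hunk (@@ -1035,12 +1041,6 @@), where the `s == 0` rejection is dropped just before `*len = s;`. Nothing in get_len() now records that a decoded length of zero is accepted on purpose, which the commit message ties to empty sets sent by the winldap API. A one-line comment at that spot would keep the check from being reintroduced as "invalid encoding" later, and it is worth confirming that every caller of get_len() copes with `*len` being 0.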