r7749: some bug fixes from testing with socket:testnonblock

- fixed some infinite loops in asn1.c

- ensure asn1 callers know if an error is end of buffer or bad data

- handle npending 0 in ldap server
(This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index bf64735b0bf26d32ac33afd28d546bad793715b3..5ac50bd51466293e71e48599ae8936d2ba273b30 100644 (file)
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -254,10 +254,10 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags)
                return;
        }
        if (npending == 0) {
+               ldapsrv_terminate_connection(conn, "EOF from client");
                return;
        }
 
-
        conn->partial.data = talloc_realloc_size(conn, conn->partial.data, 
                                                 conn->partial.length + npending);
        if (conn->partial.data == NULL) {

diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
index 6560485be5580fdddb87266649a5330a71478cc1..eefe80c919b8b0931e6a30da5a12c12be871cf64 100644 (file)
--- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c
+++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c
@@ -124,6 +124,8 @@ static int ildb_search(struct ldb_module *module, const char *base,
                if (ildb->rootDSE != NULL) {
                        base = ldb_msg_find_string(ildb->rootDSE, 
                                                   "defaultNamingContext", "");
+               } else {
+                       base = "";
                }
        }
 

diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 2514e10117c660c5b97f4c0ef93d988df775919a..d7a230a77f2b9ad6f3dbecbe933035f28b245d9f 100644 (file)
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -501,7 +501,9 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
 
                ret->operation = LDB_OP_NOT;
                ret->u.not.child = ldap_decode_filter_tree(ret, data);
-
+               if (ret->u.not.child == NULL) {
+                       goto failed;
+               }
                if (!asn1_end_tag(data)) {
                        goto failed;
                }
@@ -595,7 +597,6 @@ static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx,
 
 failed:
        talloc_free(ret);
-       DEBUG(0,("Failed to parse ASN.1 LDAP filter\n"));
        return NULL;    
 }
 

diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c
index 10afd74273461bf68d84f2da1288be5c28c5701f..2a4c75d9394aaff469bdc64d46856aacbed24ed4 100644 (file)
--- a/source4/libcli/util/asn1.c
+++ b/source4/libcli/util/asn1.c
@@ -299,8 +299,12 @@ BOOL asn1_peek(struct asn1_data *data, void *p, int len)
        if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len)
                return False;
 
-       if (data->ofs + len > data->length)
+       if (data->ofs + len > data->length) {
+               /* we need to mark the buffer as consumed, so the caller knows
+                  this was an out of data error, and not a decode error */
+               data->ofs = data->length;
                return False;
+       }
 
        memcpy(p, data->data + data->ofs, len);
        return True;
@@ -437,7 +441,7 @@ BOOL asn1_read_OID(struct asn1_data *data, const char **OID)
                do {
                        asn1_read_uint8(data, &b);
                        v = (v<<7) | (b&0x7f);
-               } while (!data->has_error && b & 0x80);
+               } while (!data->has_error && (b & 0x80));
                tmp_oid = talloc_asprintf_append(tmp_oid, " %u",  v);
        }
 
@@ -540,7 +544,7 @@ BOOL asn1_read_implicit_Integer(struct asn1_data *data, int *i)
        uint8_t b;
        *i = 0;
 
-       while (asn1_tag_remaining(data)>0) {
+       while (!data->has_error && asn1_tag_remaining(data)>0) {
                if (!asn1_read_uint8(data, &b)) return False;
                *i = (*i << 8) + b;
        }
@@ -564,7 +568,7 @@ BOOL asn1_read_enumerated(struct asn1_data *data, int *v)
        *v = 0;
        
        if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False;
-       while (asn1_tag_remaining(data)>0) {
+       while (!data->has_error && asn1_tag_remaining(data)>0) {
                uint8_t b;
                asn1_read_uint8(data, &b);
                *v = (*v << 8) + b;