From: Anatoliy Atanasov
Date: Tue, 22 Sep 2009 00:14:06 +0000 (-0700)
Subject: Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming Constraints
X-Git-Tag: talloc-2.0.1~457^2
X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=b850d7fb08b97fff8ce5ec2cbff2256aa390e440

Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming Constraints
---

diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index d905f47040b..af00ef96f30 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -103,6 +103,11 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx,
 dn->ext_linearized = talloc_strndup(dn, data, length);
 LDB_DN_NULL_FAILED(dn->ext_linearized);
 
+ if (strlen(data) != length) {
+ /* The RDN must not contain a character with value 0x0 */
+ return NULL;
+ }
+
 if (data[0] == '<') {
 const char *p_save, *p = dn->ext_linearized;
 do {
@@ -231,6 +236,9 @@ char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value)
 /*
 explode a DN string into a ldb_dn structure
 based on RFC4514 except that we don't support multiple valued RDNs
+
+ TODO: according to MS-ADTS:3.1.1.5.2 Naming Constraints
+ DN must be compliant with RFC2253
 */
 static bool ldb_dn_explode(struct ldb_dn *dn)
 {
@@ -264,6 +272,11 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 return false;
 }
 
+ /* The RDN size must be less than 255 characters */
+ if (strlen(parse_dn) > 255) {
+ return false;
+ }
+
 /* Empty DNs */
 if (parse_dn[0] == '\0') {
 return true;
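Review bot: The added `strlen(data)` in ldb_dn_from_ldb_val scans until it meets a NUL, so if `data` is a counted buffer of `length` bytes with no terminator, the embedded-NUL check itself reads past the end of the value. The copy made two lines earlier is bounded and terminated, so the same test can be written as `if (strlen(dn->ext_linearized) != length) {`, or with `strnlen(data, length)`. The bare `return NULL;` also appears to skip whatever cleanup LDB_DN_NULL_FAILED performs, which would leave `dn` and its copy attached to `mem_ctx`; the macro and the function's failure path are outside the hunk, so this needs confirming. The comment says RDN, but the test covers the whole DN string.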
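Review bot: The TODO added to the comment above ldb_dn_explode cites MS-ADTS:3.1.1.5.2, while the commit subject cites MS-ADTS:3.1.1.5.1.2; one of the two section numbers is presumably a typo and should be corrected so the reference can be followed. The comment still describes the parser as based on RFC4514, so the TODO would be easier to act on if it named which RFC2253 rule the parser does not yet enforce.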
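Review bot: The new length check in ldb_dn_explode measures `strlen(parse_dn)`, which, judging by the `/* Empty DNs */` test on `parse_dn[0]` right after it, is the whole DN string and not one RDN, so a DN with many short components is rejected once it passes 255 characters in total. The comment also says "less than 255" while `> 255` still accepts a length of exactly 255. If the limit is meant per RDN, the test belongs where each component is delimited, which is outside this hunk. Either way the comment and the operator should agree, for example `if (strlen(parse_dn) >= 255) {` if "less than 255" is the intended bound, and the limit deserves a named constant.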