On Thu, Aug 29, 2024 at 3:22 PM <minf...@apache.org> wrote:
>
> --- apr/apr-util/branches/1.7.x/ldap/apr_ldap.c (original)
> +++ apr/apr-util/branches/1.7.x/ldap/apr_ldap.c Thu Aug 29 13:21:13 2024
[]
> @@ -1592,16 +1593,32 @@ APU_DECLARE_LDAP(apr_status_t) apr_ldap_
>
>                  if (vals) {
>
> -                    int k, nvals;
> +                    int k, nvals, binary = 0;
> +
> +                    char *sc = attr;
> +
> +                    /* support for RFC4522 binary encoding option */
> +                    while ((sc = strchr(sc, ';'))) {
> +                        if (!apr_cstr_casecmpn(sc, ";binary", 7) && (sc[7] 
> == 0 || sc[7] == ';')) {
> +                            binary = 1;
> +                            break;
> +                        }

An "sc++" is missing here or ";foo" will loop indefinitely (per
https://lists.apache.org/thread/tkhy70138zowr4lkmxmywhnrmy41h410).

> +                    }
>
>                      nvals = ldap_count_values_len(vals);
>
>                      for (k = 0; k < nvals; k++) {
>
>                          apr_buffer_t buf;
> +                        char *str = NULL;
>
> -                        apr_buffer_mem_set(&buf, vals[k]->bv_val, 
> vals[k]->bv_len);
> -// fixme - tell cb if binary
> +                        if (binary) {
> +                            apr_buffer_mem_set(&buf, vals[k]->bv_val, 
> vals[k]->bv_len);
> +                        }
> +                        else {
> +                            str = strndup(vals[k]->bv_val, vals[k]->bv_len);

Not clear why this strndup() is needed still (per
https://lists.apache.org/thread/t08zmhs4s5pxq62l6bxv8ov80wcqthpo).
BTW [1] says it's C23 (not C89) so possibly not usable easily in APR?

[1] https://en.cppreference.com/w/c/experimental/dynamic/strndup

> +                            apr_buffer_str_set(&buf, str, vals[k]->bv_len);
> +                        }
>
>                          if (res->entry_cb.search) {
>                              status = res->entry_cb.search(ldap, dn, 
> res->nentries, nattrs, j,
> @@ -1610,6 +1627,10 @@ APU_DECLARE_LDAP(apr_status_t) apr_ldap_
>                          else {
>                              status = apr_ldap_status(err->rc, APR_EGENERAL);
>                          }
> +
> +                        if (str) {
> +                            free(str);
> +                        }
>                      }
>
>                  }


Regards;
Yann.

Reply via email to