The branch, master has been updated
       via  2a00138 s4-dsdb/schema_syntax: Separate validation for numericoid 
OID values
       via  14cb61d asn1_tests: Implement negative unit-tests for 
ber_write_OID_String()
       via  6b63ad6 asn1: ber_write_OID_String() to be more picky about 
supplied OID
      from  c74ef7a waf: Mark the replacement zlib private so that it can build 
on machine without a system zlib

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2a001381e88b18b8612cdc2a40d9ea3c825548ea
Author: Kamen Mazdrashki <kame...@samba.org>
Date:   Wed Oct 20 13:49:46 2010 +0300

    s4-dsdb/schema_syntax: Separate validation for numericoid OID values
    
    This implementation doesn't use prefixMap/Schema to validate
    numericoid OIDs. We may not have this OID yet, so I see no point
    in checking the schema for it.
    
    Side effect of using prefixMap/Schema for validating numericoids
    is that we mistakenly add the OID to the prefixMap.
    This led to a corrupted prefixMap in LDB.
    
    Autobuild-User: Kamen Mazdrashki <kame...@samba.org>
    Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104

commit 14cb61da8fe4fb24c3e066e5731d0be00ddb893b
Author: Kamen Mazdrashki <kame...@samba.org>
Date:   Wed Oct 20 13:46:34 2010 +0300

    asn1_tests: Implement negative unit-tests for ber_write_OID_String()

commit 6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f
Author: Kamen Mazdrashki <kame...@samba.org>
Date:   Wed Oct 20 13:45:59 2010 +0300

    asn1: ber_write_OID_String() to be more picky about supplied OID
    
    The function now rejects invalid OIDs in cases where:
     - a sub-identifier has invalid (non-digit) characters
     - a 'dot' separator is found in an unexpected place. For instance
        '.' at start or end of the OID. Two '.' in a row.

-----------------------------------------------------------------------

Summary of changes:
 lib/util/asn1.c                     |    5 +++
 lib/util/tests/asn1_tests.c         |   22 +++++++++++++++
 source4/dsdb/schema/schema_syntax.c |   50 ++++++++++++++++++++++++++++++++--
 3 files changed, 74 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 2a71f2f..21d4bd4 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB 
*blob, const char *OID)
        char *newp;
        int i;
 
+       if (!isdigit(*p)) return false;
        v = strtoul(p, &newp, 10);
        if (newp[0] != '.') return false;
        p = newp + 1;
 
+       if (!isdigit(*p)) return false;
        v2 = strtoul(p, &newp, 10);
        if (newp[0] != '.') return false;
        p = newp + 1;
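Review bot: The added `isdigit(*p)` guards, two here and one in the `while (*p)` loop of the next hunk, pass a plain `char` to `isdigit()`, which is undefined for negative values on platforms where `char` is signed. The schema_syntax.c change in this push feeds attribute values straight into this function, so a byte above 0x7f is plausible input; each guard should read `if (!isdigit((unsigned char)*p)) return false;`. The declaration of `p` is outside the hunk, so this assumes it is a `const char *` walking `OID`.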
@@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB 
*blob, const char *OID)
 
        i = 1;
        while (*p) {
+               if (!isdigit(*p)) return false;
                v = strtoul(p, &newp, 10);
                if (newp[0] == '.') {
                        p = newp + 1;
+                       /* check for empty last component */
+                       if (!*p) return false;
                } else if (newp[0] == '\0') {
                        p = newp;
                } else {
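Review bot: Nothing in this loop rejects a sub-identifier that overflows `strtoul()`: the new digit check lets an arbitrarily long run of digits through, and `strtoul()` then returns `ULONG_MAX` with `errno` set to `ERANGE`, so the encoded OID would not match the string supplied. Setting `errno = 0;` before the call and adding `if (errno == ERANGE) return false;` after it would close that, and the same applies to the two leading components in the previous hunk. The type of `v` is declared outside the hunk; if it is narrower than `unsigned long`, a range check against its maximum is needed as well. A negative test with an over-long sub-identifier would pin the behaviour down.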
diff --git a/lib/util/tests/asn1_tests.c b/lib/util/tests/asn1_tests.c
index b11e9d5..97f7756 100644
--- a/lib/util/tests/asn1_tests.c
+++ b/lib/util/tests/asn1_tests.c
@@ -64,6 +64,17 @@ static const struct oid_data oid_data_ok[] = {
        },
 };
 
+/* Data for successful OIDs conversions */
+static const char *oid_data_err[] = {
+               "",             /* empty OID */
+               ".2.5.4.130",   /* first sub-identifier is empty */
+               "2.5.4.130.",   /* last sub-identifier is empty */
+               "2..5.4.130",   /* second sub-identifier is empty */
+               "2.5..4.130",   /* third sub-identifier is empty */
+               "2.abc.4.130",  /* invalid sub-identifier */
+               "2.5abc.4.130", /* invalid sub-identifier (alpha-numeric)*/
+};
+
 /* Data for successful Partial OIDs conversions */
 static const struct oid_data partial_oid_data_ok[] = {
        {
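Review bot: The comment above `oid_data_err` was copied from the table before it and says the opposite of what the array holds; it should read `/* Data for OID strings that must be rejected */`. The list could also carry a lone sub-identifier and a value with a leading sign or space (constructed examples: "2", "+2.5.4", " 2.5.4"), so that the new digit checks are exercised at the first position as well.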
@@ -104,6 +115,7 @@ static bool test_ber_write_OID_String(struct 
torture_context *tctx)
 
        mem_ctx = talloc_new(tctx);
 
+       /* check for valid OIDs */
        for (i = 0; i < ARRAY_SIZE(oid_data_ok); i++) {
                torture_assert(tctx, ber_write_OID_String(mem_ctx, &blob, 
data[i].oid),
                                "ber_write_OID_String failed");
@@ -117,6 +129,16 @@ static bool test_ber_write_OID_String(struct 
torture_context *tctx)
                                                data[i].oid, data[i].bin_oid));
        }
 
+       /* check for invalid OIDs */
+       for (i = 0; i < ARRAY_SIZE(oid_data_err); i++) {
+               torture_assert(tctx,
+                              !ber_write_OID_String(mem_ctx, &blob, 
oid_data_err[i]),
+                              talloc_asprintf(mem_ctx,
+                                              "Should fail for [%s] -> %s",
+                                              oid_data_err[i],
+                                              hex_encode_talloc(mem_ctx, 
blob.data, blob.length)));
+       }
+
        talloc_free(mem_ctx);
 
        return true;
diff --git a/source4/dsdb/schema/schema_syntax.c 
b/source4/dsdb/schema/schema_syntax.c
index db53aea..d6e4527 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -30,6 +30,7 @@
 #include "system/time.h"
 #include "../lib/util/charset/charset.h"
 #include "librpc/ndr/libndr.h"
+#include "../lib/util/asn1.h"
 
 /**
  * Initialize dsdb_syntax_ctx with default values
@@ -1303,6 +1304,44 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const 
struct dsdb_syntax_ctx *ctx,
        return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, 
out);
 }
 
+static WERROR _dsdb_syntax_OID_validate_numericoid(const struct 
dsdb_syntax_ctx *ctx,
+                                                  const struct dsdb_attribute 
*attr,
+                                                  const struct 
ldb_message_element *in)
+{
+       unsigned int i;
+       TALLOC_CTX *tmp_ctx;
+
+       tmp_ctx = talloc_new(ctx->ldb);
+       W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+       for (i=0; i < in->num_values; i++) {
+               DATA_BLOB blob;
+               const char *oid_out;
+               const char *oid = (const char*)in->values[i].data;
+
+               if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
+                       DEBUG(0,("ber_write_OID_String() failed for %s\n", 
oid));
+                       talloc_free(tmp_ctx);
+                       return WERR_INVALID_PARAMETER;
+               }
+
+               if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
+                       DEBUG(0,("ber_read_OID_String() failed for %s\n",
+                                hex_encode_talloc(tmp_ctx, blob.data, 
blob.length)));
+                       talloc_free(tmp_ctx);
+                       return WERR_INVALID_PARAMETER;
+               }
+
+               if (strcmp(oid, oid_out) != 0) {
+                       talloc_free(tmp_ctx);
+                       return WERR_INVALID_PARAMETER;
+               }
+       }
+
+       talloc_free(tmp_ctx);
+       return WERR_OK;
+}
+
 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
                                           const struct dsdb_attribute *attr,
                                           const struct ldb_message_element *in)
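Review bot: In `_dsdb_syntax_OID_validate_numericoid()` the value is read as a NUL-terminated string via `(const char*)in->values[i].data` and its `length` is never consulted, so a value with an embedded NUL would be validated only up to that byte while the full value is what gets stored. A guard before the `ber_write_OID_String()` call, `if (strlen(oid) != in->values[i].length) { talloc_free(tmp_ctx); return WERR_INVALID_PARAMETER; }`, would reject that case. This assumes ldb keeps a terminating NUL after the value data; if that is not guaranteed, the string functions here could also read past the buffer. A short comment on the function stating that it validates by encoding to BER, decoding back and rejecting any input that does not round-trip unchanged would help the next reader.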
@@ -1316,14 +1355,19 @@ static WERROR dsdb_syntax_OID_validate_ldb(const struct 
dsdb_syntax_ctx *ctx,
                return WERR_FOOBAR;
        }
 
+       switch (attr->attributeID_id) {
+       case DRSUAPI_ATTRIBUTE_governsID:
+       case DRSUAPI_ATTRIBUTE_attributeID:
+       case DRSUAPI_ATTRIBUTE_attributeSyntax:
+               return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
+       }
+
        /*
         * TODO: optimize and verify this code
         */
 
        tmp_ctx = talloc_new(ctx->ldb);
-       if (tmp_ctx == NULL) {
-               return WERR_NOMEM;
-       }
+       W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
 
        status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
                                                attr,
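Review bot: The new `switch` on `attr->attributeID_id` has no `default:` label and no comment saying why only these three attributes take the numericoid path; adding `default: break;` with a one-line comment would make the fall-through to the generic code visibly deliberate. Every other OID-syntax attribute still reaches `dsdb_syntax_OID_ldb_to_drsuapi()` below, which going by the commit description is the path that could add an OID to the prefixMap, so it is worth confirming that side effect is acceptable for them. The function starts and ends outside the hunk.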


-- 
Samba Shared Repository
