diff options
| author |   martinh <martinh@openbsd.org> | 2011-01-08 19:42:45 +0000 |
|---|---|---|
| committer | martinh <martinh@openbsd.org> | 2011-01-08 19:42:45 +0000 |
| commit | e53c362bf267da9f833ebe1fa4fb61dd3f94c240 (patch) | |
| tree | 3a95fecad459ca304c7edef7c88e32f19ce0e899 | |
| parent | sync (diff) | |
| download | wireguard-openbsd-e53c362bf267da9f833ebe1fa4fb61dd3f94c240.tar.xz wireguard-openbsd-e53c362bf267da9f833ebe1fa4fb61dd3f94c240.zip | |
Change detection of indefinite BER lenghts (which is not allowed). Only a
length byte of 0x80 is now treated as meaning indefinite. This fixes empty
sets sent by the winldap api. Makes authentication through pGina work.
with william@
| -rw-r--r-- | usr.sbin/ldapd/ber.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr.sbin/ldapd/ber.c b/usr.sbin/ldapd/ber.c index a56b809049a..91f2596c6a8 100644 --- a/usr.sbin/ldapd/ber.c +++ b/usr.sbin/ldapd/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.5 2010/10/19 09:20:48 martinh Exp $ */ +/* $OpenBSD: ber.c,v 1.6 2011/01/08 19:42:45 martinh Exp $ */ /* * Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net> @@ -1016,6 +1016,12 @@ get_len(struct ber *b, ssize_t *len) return 1; } + if (u == 0x80) { + /* Indefinite length not supported. */ + errno = EINVAL; + return -1; + } + n = u & ~BER_TAG_MORE; if (sizeof(ssize_t) < n) { errno = ERANGE; @@ -1035,12 +1041,6 @@ get_len(struct ber *b, ssize_t *len) return -1; } - if (s == 0) { - /* invalid encoding */ - errno = EINVAL; - return -1; - } - *len = s; return r; } |