s4-dsdb: fixed booling conversion to check value length
authorAndrew Tridgell <tridge@samba.org>
Tue, 9 Aug 2011 06:50:51 +0000 (16:50 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 9 Aug 2011 09:56:23 +0000 (11:56 +0200)
this ensures we don't look past the end of the data

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/dsdb/schema/schema_syntax.c

index 501ab3adedbb28446900daecf4848f37e9a2de58..e875bee9240bafa796ed0bb21f012ca493d8e481 100644 (file)
@@ -229,9 +229,11 @@ static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
                blobs[i] = data_blob_talloc(blobs, NULL, 4);
                W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
 
-               if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
+               if (in->values[i].length >= 4 &&
+                   strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
                        SIVAL(blobs[i].data, 0, 0x00000001);
-               } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
+               } else if (in->values[i].length >= 5 &&
+                          strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
                        SIVAL(blobs[i].data, 0, 0x00000000);
                } else {
                        return WERR_FOOBAR;
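Review bot: The new `length >= 4` and `length >= 5` guards stop the over-read, but they still accept values longer than the keyword. `strncmp` stops at the literal's terminating NUL, so a value of `TRUE` followed by a NUL byte and arbitrary trailing bytes compares equal and is converted as true. An exact-length comparison is tighter: `if (in->values[i].length == 4 && memcmp("TRUE", in->values[i].data, 4) == 0) {`, and likewise `length == 5` with `memcmp("FALSE", ..., 5)`. The same pattern appears in dsdb_syntax_BOOL_validate_ldb in the next hunk, where it decides whether a value passes validation at all. The body of dsdb_syntax_BOOL_ldb_to_drsuapi starts and ends outside this hunk, so whether callers already reject embedded NULs cannot be seen here.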
@@ -252,22 +254,23 @@ static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
        }
 
        for (i=0; i < in->num_values; i++) {
-               int t, f;
-
                if (in->values[i].length == 0) {
                        return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
                }
 
-               t = strncmp("TRUE",
+               if (in->values[i].length >= 4 &&
+                   strncmp("TRUE",
                            (const char *)in->values[i].data,
-                           in->values[i].length);
-               f = strncmp("FALSE",
+                           in->values[i].length) == 0) {
+                       continue;
+               }
+               if (in->values[i].length >= 5 &&
+                   strncmp("FALSE",
                            (const char *)in->values[i].data,
-                           in->values[i].length);
-
-               if (t != 0 && f != 0) {
-                       return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+                           in->values[i].length) == 0) {
+                       continue;
                }
+               return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
        }
 
        return WERR_OK;
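Review bot: The `in->values[i].length == 0` check at the top of the loop is now redundant. Both keyword tests require a minimum length, and the fall-through returns the same `WERR_DS_INVALID_ATTRIBUTE_SYNTAX`. Either drop it, or keep it as an explicit early reject with a comment saying so. The length tests themselves would benefit from a short comment such as `/* values are length-counted; check length before comparing so we never read past the data */`, since the reason is only in the commit message. The start of dsdb_syntax_BOOL_validate_ldb is outside this hunk.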