At present we don't detect errors, but when we do we'll return NULL.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* rfc1738_unescape() - Converts escaped characters (%xy numbers) in
* given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab"
*/
-_PUBLIC_ void
-rfc1738_unescape(char *s)
+
+_PUBLIC_ char *rfc1738_unescape(char *s)
{
char hexnum[3];
int i, j; /* i is write, j is read */
}
}
s[i] = '\0';
+ return s + i;
}
/**
Unescape a URL encoded string, in place.
**/
-_PUBLIC_ void rfc1738_unescape(char *buf);
+_PUBLIC_ char *rfc1738_unescape(char *buf);
/**
uri_unescape_alloc(const char *uritok)
{
char *ret;
-
+ char *end;
ret = (char *) SMB_STRDUP(uritok);
if (!ret) {
return NULL;
}
- rfc1738_unescape(ret);
+ end = rfc1738_unescape(ret);
+ if (end == NULL) {
+ free(ret);
+ return NULL;
+ }
return ret;
}
struct ntlm_auth_state *state,
char *buf, int length, void **private2)
{
- char *user, *pass;
+ char *user, *pass;
user=buf;
pass=(char *)memchr(buf,' ',length);
pass++;
if (state->helper_mode == SQUID_2_5_BASIC) {
- rfc1738_unescape(user);
- rfc1738_unescape(pass);
+ char *end = rfc1738_unescape(user);
+ if (end == NULL || (end - user) != strlen(user)) {
+ DEBUG(2, ("Badly rfc1738 encoded username: %s; "
+ "denying access\n", user));
+ printf("ERR\n");
+ return;
+ }
+ end = rfc1738_unescape(pass);
+ if (end == NULL || (end - pass) != strlen(pass)) {
+ DEBUG(2, ("Badly encoded password for %s; "
+ "denying access\n", user));
+ printf("ERR\n");
+ return;
+ }
}
if (check_plaintext_auth(user, pass, False)) {
if (strequal(protocol, "ldapi")) {
struct socket_address *unix_addr;
char path[1025];
-
+ char *end = NULL;
NTSTATUS status = socket_create("unix", SOCKET_TYPE_STREAM, &state->sock, 0);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
return result;
}
- rfc1738_unescape(path);
-
+ end = rfc1738_unescape(path);
+ if (end == NULL) {
+ composite_error(state->ctx,
+ NT_STATUS_INVALID_PARAMETER);
+ return result;
+ }
unix_addr = socket_address_from_strings(state, state->sock->backend_name,
path, 0);
if (composite_nomem(unix_addr, result)) {
return result;
}
-
ctx = socket_connect_send(state->sock, NULL, unix_addr,
0, result->event_ctx);
ctx->async.fn = ldap_connect_recv_unix_conn;