Line
Link Here
|
0 |
-- httpd-2.2.6/modules/ldap/util_ldap.c 2007-08-20 01:19:46.000000000 +0200 |
0 |
++ httpd-2.2.6-swisslife/modules/ldap/util_ldap.c 2007-12-07 10:41:44.000000000 +0100 |
Lines 45-50
Link Here
|
45 |
#include "unixd.h" |
45 |
#include "unixd.h" |
46 |
#endif |
46 |
#endif |
|
|
47 |
#define ATTRIBUTE_VALUE_SIZE 256 |
48 |
|
47 |
/* defines for certificate file types |
49 |
/* defines for certificate file types |
48 |
*/ |
50 |
*/ |
49 |
#define LDAP_CA_TYPE_UNKNOWN 0 |
51 |
#define LDAP_CA_TYPE_UNKNOWN 0 |
Lines 1038-1053
Link Here
|
1038 |
char **values; |
1040 |
char **values; |
1039 |
int j = 0; |
1041 |
int j = 0; |
1040 |
char *str = NULL; |
1042 |
char *str = NULL; |
|
|
1043 |
int len = 0; |
1044 |
int size = 0; |
1045 |
int maxsize = 0; |
1046 |
int nextsize = 0; |
1047 |
char *buffer = NULL; |
1048 |
|
1041 |
/* get values */ |
1049 |
/* get values */ |
1042 |
values = ldap_get_values(ldc->ldap, entry, attrs[i]); |
1050 |
values = ldap_get_values(ldc->ldap, entry, attrs[i]); |
1043 |
while (values && values[j]) { |
1051 |
|
1044 |
str = str ? apr_pstrcat(r->pool, str, "; ", values[j], NULL) |
1052 |
maxsize = ldap_count_values(values) * ATTRIBUTE_VALUE_SIZE; |
1045 |
: apr_pstrdup(r->pool, values[j]); |
1053 |
|
|
|
1054 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
1055 |
"[%" APR_PID_T_FMT "] ldap cache: allocating %i bytes for attribute values", |
1056 |
getpid(), maxsize); |
1057 |
|
1058 |
buffer = apr_pcalloc(r->pool,maxsize); |
1059 |
str = buffer; |
1060 |
|
1061 |
while (values && values[j] && nextsize < maxsize) { |
1062 |
len=strlen(values[j]); |
1063 |
buffer[0]=';'; |
1064 |
memcpy(++buffer, values[j], len); |
1065 |
buffer+=len; |
1066 |
size+=len; |
1046 |
j++; |
1067 |
j++; |
|
|
1068 |
|
1069 |
nextsize=size+strlen(values[j]); |
1070 |
|
1071 |
if (nextsize >= maxsize) { |
1072 |
ap_log_error(APLOG_MARK, APLOG_WARNING , 0, r->server, |
1073 |
"[%" APR_PID_T_FMT "] ldap cache: buffer overflow while storing attributes values. attribute %s has more than %i bytes ", |
1074 |
getpid(), attrs[i], maxsize); |
1075 |
} |
1076 |
|
1047 |
} |
1077 |
} |
1048 |
ldap_value_free(values); |
1078 |
ldap_value_free(values); |
1049 |
vals[i] = str; |
1079 |
vals[i] = str; |
1050 |
i++; |
1080 |
i++; |
|
|
1081 |
|
1051 |
} |
1082 |
} |
1052 |
*retvals = vals; |
1083 |
*retvals = vals; |
1053 |
} |
1084 |
} |
Lines 1233-1244
Link Here
|
1233 |
char **values; |
1264 |
char **values; |
1234 |
int j = 0; |
1265 |
int j = 0; |
1235 |
char *str = NULL; |
1266 |
char *str = NULL; |
|
|
1267 |
int len = 0; |
1268 |
int size = 0; |
1269 |
int maxsize = 0; |
1270 |
int nextsize = 0; |
1271 |
char *buffer = NULL; |
1272 |
|
1236 |
/* get values */ |
1273 |
/* get values */ |
1237 |
values = ldap_get_values(ldc->ldap, entry, attrs[i]); |
1274 |
values = ldap_get_values(ldc->ldap, entry, attrs[i]); |
1238 |
while (values && values[j]) { |
1275 |
|
1239 |
str = str ? apr_pstrcat(r->pool, str, "; ", values[j], NULL) |
1276 |
maxsize = ldap_count_values(values) * ATTRIBUTE_VALUE_SIZE; |
1240 |
: apr_pstrdup(r->pool, values[j]); |
1277 |
|
|
|
1278 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
1279 |
"[%" APR_PID_T_FMT "] ldap cache: allocating %i bytes for attribute values", |
1280 |
getpid(), maxsize); |
1281 |
|
1282 |
buffer = apr_pcalloc(r->pool,maxsize); |
1283 |
str = buffer; |
1284 |
|
1285 |
while (values && values[j] && nextsize < maxsize) { |
1286 |
len=strlen(values[j]); |
1287 |
buffer[0]=';'; |
1288 |
memcpy(++buffer, values[j], len); |
1289 |
buffer+=len; |
1290 |
size+=len; |
1241 |
j++; |
1291 |
j++; |
|
|
1292 |
|
1293 |
nextsize=size+strlen(values[j]); |
1294 |
|
1295 |
if (nextsize >= maxsize) { |
1296 |
ap_log_error(APLOG_MARK, APLOG_WARNING , 0, r->server, |
1297 |
"[%" APR_PID_T_FMT "] ldap cache: buffer overflow while storing attributes values. attribute %s has more than %i bytes ", |
1298 |
getpid(), attrs[i], maxsize); |
1299 |
} |
1300 |
|
1242 |
} |
1301 |
} |
1243 |
ldap_value_free(values); |
1302 |
ldap_value_free(values); |
1244 |
vals[i] = str; |
1303 |
vals[i] = str; |