Ethereal-users: Re: [ethereal-users] LDAP Dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Wed, 23 Aug 2000 22:40:31 -0700
On Wed, Aug 23, 2000 at 03:59:33PM -0700, Guy Harris wrote:
> Yes, I'll take a look at this; callers to
> "asn1_octet_string_value_decode()" must not assume that what they get
> back is a '\0'-terminated string (it's a counted string, and it's not
> even necessarily a character string - the ASN.1 dissector doesn't know
> whether it is, although its caller probably does), *and* must not assume
> that it gets back a non-null pointer.  The LDAP dissector is making both
> of those assumptions in some places....

Here's a patch to "packet-ldap.c" to fix that; users with source and
"patch" and compiler tools/necessary libraries can patch and rebuild,
users without any of those will probably have to wait for the next
release and the binary packages for that release.

Index: packet-ldap.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-ldap.c,v
retrieving revision 1.15
diff -c -r1.15 packet-ldap.c
*** packet-ldap.c	2000/08/13 14:08:24	1.15
--- packet-ldap.c	2000/08/24 05:39:12
***************
*** 311,319 ****
  {
    guchar *string;
    guchar *string2;
!   gint string_length;
!   gint string2_length;
    guint string_bytes;
    int ret;
  
    ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
--- 311,320 ----
  {
    guchar *string;
    guchar *string2;
!   guint string_length;
!   guint string2_length;
    guint string_bytes;
+   char *filterp;
    int ret;
  
    ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
***************
*** 324,330 ****
      return ret;
    *filter_length += 2 + strlen(operation) + string_length + string2_length;
    *filter = g_realloc(*filter, *filter_length);
!   sprintf(*filter + strlen(*filter), "(%.*s%s%.*s)", string_length, string, operation, string2_length, string2);
    g_free(string);
    g_free(string2);
    return ASN1_ERR_NOERROR;
--- 325,344 ----
      return ret;
    *filter_length += 2 + strlen(operation) + string_length + string2_length;
    *filter = g_realloc(*filter, *filter_length);
!   filterp = *filter + strlen(*filter);
!   *filterp++ = '(';
!   if (string_length != 0) {
!   	memcpy(filterp, string, string_length);
!   	filterp += string_length;
!   }
!   strcpy(filterp, operation);
!   filterp += strlen(operation);
!   if (string2_length != 0) {
!   	memcpy(filterp, string2, string2_length);
!   	filterp += string2_length;
!   }
!   *filterp++ = ')';
!   *filterp = '\0';
    g_free(string);
    g_free(string2);
    return ASN1_ERR_NOERROR;
***************
*** 334,341 ****
  static int parse_filter_substrings(ASN1_SCK *a, char **filter, guint *filter_length)
  {
    guchar *end;
!   guchar *string = NULL;
!   gint string_length;
    guint string_bytes;
    guint seq_len;
    guint header_bytes;  
--- 348,356 ----
  static int parse_filter_substrings(ASN1_SCK *a, char **filter, guint *filter_length)
  {
    guchar *end;
!   guchar *string;
!   char *filterp;
!   guint string_length;
    guint string_bytes;
    guint seq_len;
    guint header_bytes;  
***************
*** 355,363 ****
    if (ret != ASN1_ERR_NOERROR)
      return ret;
  
!   *filter_length += 2 + 1 + strlen(string);
    *filter = g_realloc(*filter, *filter_length);
!   sprintf(*filter + strlen(*filter), "(%.*s=", string_length, string);
    g_free(string);
  
    /* Now decode seq_len's worth of octet strings. */
--- 370,386 ----
    if (ret != ASN1_ERR_NOERROR)
      return ret;
  
!   *filter_length += 2 + 1 + string_length;
    *filter = g_realloc(*filter, *filter_length);
!   
!   filterp = *filter + strlen(*filter);
!   *filterp++ = '(';
!   if (string_length != 0) {
!     memcpy(filterp, string, string_length);
!     filterp += string_length;
!   }
!   *filterp++ = '=';
!   *filterp = '\0';
    g_free(string);
  
    /* Now decode seq_len's worth of octet strings. */
***************
*** 384,402 ****
  
      /* If we have an 'any' component with a string value, we need to append
       * an extra asterisk before final component. */
!     if ((tag == 1) && (string_length > 0))
        any_valued = 1;
  
      if ( (tag == 1) || ((tag == 2) && any_valued) )
        (*filter_length)++;
!     *filter_length += strlen(string);
      *filter = g_realloc(*filter, *filter_length);
  
      if ( (tag == 1) || ((tag == 2) && any_valued) )
!       strcat(*filter, "*");
      if (tag == 2)
        any_valued = 0;
!     sprintf(*filter + strlen(*filter), "%.*s", string_length, string);
      g_free(string);
    }
  
--- 407,430 ----
  
      /* If we have an 'any' component with a string value, we need to append
       * an extra asterisk before final component. */
!     if ((tag == 1) && (string_length != 0))
        any_valued = 1;
  
      if ( (tag == 1) || ((tag == 2) && any_valued) )
        (*filter_length)++;
!     *filter_length += string_length;
      *filter = g_realloc(*filter, *filter_length);
  
+     filterp = *filter + strlen(*filter);
      if ( (tag == 1) || ((tag == 2) && any_valued) )
!       *filterp++ = '*';
      if (tag == 2)
        any_valued = 0;
!     if (string_length != 0) {
!       memcpy(filterp, string, string_length);
!       filterp += string_length;
!     }
!     *filterp = '\0';
      g_free(string);
    }
  
***************
*** 404,414 ****
    {
      (*filter_length)++;
      *filter = g_realloc(*filter, *filter_length);
!     strcat(*filter, "*");
    }
    
    /* NB: Allocated byte for this earlier */
!   strcat(*filter, ")");
  
    return ASN1_ERR_NOERROR;
  }
--- 432,444 ----
    {
      (*filter_length)++;
      *filter = g_realloc(*filter, *filter_length);
!     filterp = *filter + strlen(*filter);
!     *filterp++ = '*';
    }
    
    /* NB: Allocated byte for this earlier */
!   *filterp++ = ')';
!   *filterp = '\0';
  
    return ASN1_ERR_NOERROR;
  }
***************
*** 519,524 ****
--- 549,555 ----
       case LDAP_FILTER_PRESENT:
        {
          guchar *string;
+         char *filterp;
      
          if (con != ASN1_PRI)
            return ASN1_ERR_WRONG_TYPE;
***************
*** 527,533 ****
            return ret;
          *filter_length += 4 + length;
          *filter = g_realloc(*filter, *filter_length);
!         sprintf(*filter + strlen(*filter), "(%.*s=*)", (int)length, string);
          g_free(string);
        }
        break;
--- 558,573 ----
            return ret;
          *filter_length += 4 + length;
          *filter = g_realloc(*filter, *filter_length);
!         filterp = *filter + strlen(*filter);
!         *filterp++ = '(';
!         if (length != 0) {
!           memcpy(filterp, string, length);
!           filterp += length;
!         }
!         *filterp++ = '=';
!         *filterp++ = '*';
!         *filterp++ = ')';
!         *filterp = '\0';
          g_free(string);
        }
        break;