[SCM] Samba Shared Repository - branch master updated

Kamen Mazdrashki kamenim at samba.org
Thu Oct 21 17:33:02 MDT 2010


The branch, master has been updated
       via  2a00138 s4-dsdb/schema_syntax: Separate validation for numericoid OID values
       via  14cb61d asn1_tests: Implement negative unit-tests for ber_write_OID_String()
       via  6b63ad6 asn1: ber_write_OID_String() to be more picky about supplied OID
      from  c74ef7a waf: Mark the replacement zlib private so that it can build on machine without a system zlib

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2a001381e88b18b8612cdc2a40d9ea3c825548ea
Author: Kamen Mazdrashki <kamenim at samba.org>
Date:   Wed Oct 20 13:49:46 2010 +0300

    s4-dsdb/schema_syntax: Separate validation for numericoid OID values
    
    This implementation doesn't use prefixMap/Schema to validate
    numericoid OIDs. We may not have this OID yet, so I see no point
    in checking the schema for it.
    
    Side effect of using prefixMap/Schema for validating numericoids
    is that we mistakenly add the OID to the prefixMap.
    This led to a corrupted prefixMap in LDB.
    
    Autobuild-User: Kamen Mazdrashki <kamenim at samba.org>
    Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104

commit 14cb61da8fe4fb24c3e066e5731d0be00ddb893b
Author: Kamen Mazdrashki <kamenim at samba.org>
Date:   Wed Oct 20 13:46:34 2010 +0300

    asn1_tests: Implement negative unit-tests for ber_write_OID_String()

commit 6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f
Author: Kamen Mazdrashki <kamenim at samba.org>
Date:   Wed Oct 20 13:45:59 2010 +0300

    asn1: ber_write_OID_String() to be more picky about supplied OID
    
    Now function will check for invalid OID handling cases where:
     - sub-identifier has invalid characters (non-digit)
     - 'dot' separator found in an unexpected place, for instance
        '.' at the start or end of the OID, or two '.' in a row.

-----------------------------------------------------------------------

Summary of changes:
 lib/util/asn1.c                     |    5 +++
 lib/util/tests/asn1_tests.c         |   22 +++++++++++++++
 source4/dsdb/schema/schema_syntax.c |   50 ++++++++++++++++++++++++++++++++--
 3 files changed, 74 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 2a71f2f..21d4bd4 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
 	char *newp;
 	int i;
 
+	if (!isdigit(*p)) return false;
 	v = strtoul(p, &newp, 10);
 	if (newp[0] != '.') return false;
 	p = newp + 1;
 
+	if (!isdigit(*p)) return false;
 	v2 = strtoul(p, &newp, 10);
 	if (newp[0] != '.') return false;
 	p = newp + 1;
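Review bot: The added `isdigit(*p)` guards pass a plain `char` to `isdigit()`, which is undefined behaviour when the byte is negative on platforms where `char` is signed. The declaration of `p` is outside the hunk, but the signature in the hunk header takes `const char *OID`, and the new schema validator feeds this function bytes taken directly from LDB attribute values, so bytes with the high bit set can reach it. Cast before classifying: `if (!isdigit((unsigned char)*p)) return false;`. The same applies to the guard added inside the `while (*p)` loop in the next hunk. The body of ber_write_OID_String() starts and ends outside this hunk, so whether `<ctype.h>` is already included cannot be confirmed from here.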
@@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
 
 	i = 1;
 	while (*p) {
+		if (!isdigit(*p)) return false;
 		v = strtoul(p, &newp, 10);
 		if (newp[0] == '.') {
 			p = newp + 1;
+			/* check for empty last component */
+			if (!*p) return false;
 		} else if (newp[0] == '\0') {
 			p = newp;
 		} else {
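Review bot: An over-long run of digits is still accepted in the loop, because the new check only rejects a sub-identifier that does not start with a digit and `strtoul()` reports overflow solely through `errno`. In that case it returns `ULONG_MAX` and the sub-identifier would be encoded as a value the caller never supplied. Setting `errno = 0;` before the call and adding `if (errno == ERANGE) return false;` after it would close the gap. The declaration of `v` and the encoding code are outside the hunk, so any additional narrowing on assignment should be checked there as well. The round-trip `strcmp()` added in schema_syntax.c would catch this for the schema attributes, but other callers of ber_write_OID_String() get no such protection.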
diff --git a/lib/util/tests/asn1_tests.c b/lib/util/tests/asn1_tests.c
index b11e9d5..97f7756 100644
--- a/lib/util/tests/asn1_tests.c
+++ b/lib/util/tests/asn1_tests.c
@@ -64,6 +64,17 @@ static const struct oid_data oid_data_ok[] = {
 	},
 };
 
+/* Data for successful OIDs conversions */
+static const char *oid_data_err[] = {
+		"",		/* empty OID */
+		".2.5.4.130",	/* first sub-identifier is empty */
+		"2.5.4.130.",	/* last sub-identifier is empty */
+		"2..5.4.130",	/* second sub-identifier is empty */
+		"2.5..4.130",	/* third sub-identifier is empty */
+		"2.abc.4.130", 	/* invalid sub-identifier */
+		"2.5abc.4.130", /* invalid sub-identifier (alpha-numeric)*/
+};
+
 /* Data for successful Partial OIDs conversions */
 static const struct oid_data partial_oid_data_ok[] = {
 	{
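Review bot: The comment above `oid_data_err` still reads "Data for successful OIDs conversions", copied from the table above it, although every entry is an input that must be rejected. Something like `/* OID strings that ber_write_OID_String() must reject */` would match the data. The table would also benefit from entries that `strtoul()` alone would accept but the new digit check is meant to refuse, such as a leading space or sign (`" 2.5.4.130"`, `"-2.5.4.130"`, `"2.+5.4.130"`), so that a later refactor cannot silently reintroduce that leniency.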
@@ -104,6 +115,7 @@ static bool test_ber_write_OID_String(struct torture_context *tctx)
 
 	mem_ctx = talloc_new(tctx);
 
+	/* check for valid OIDs */
 	for (i = 0; i < ARRAY_SIZE(oid_data_ok); i++) {
 		torture_assert(tctx, ber_write_OID_String(mem_ctx, &blob, data[i].oid),
 				"ber_write_OID_String failed");
@@ -117,6 +129,16 @@ static bool test_ber_write_OID_String(struct torture_context *tctx)
 						data[i].oid, data[i].bin_oid));
 	}
 
+	/* check for invalid OIDs */
+	for (i = 0; i < ARRAY_SIZE(oid_data_err); i++) {
+		torture_assert(tctx,
+			       !ber_write_OID_String(mem_ctx, &blob, oid_data_err[i]),
+			       talloc_asprintf(mem_ctx,
+					       "Should fail for [%s] -> %s",
+					       oid_data_err[i],
+					       hex_encode_talloc(mem_ctx, blob.data, blob.length)));
+	}
+
 	talloc_free(mem_ctx);
 
 	return true;
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index db53aea..d6e4527 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -30,6 +30,7 @@
 #include "system/time.h"
 #include "../lib/util/charset/charset.h"
 #include "librpc/ndr/libndr.h"
+#include "../lib/util/asn1.h"
 
 /**
  * Initialize dsdb_syntax_ctx with default values
@@ -1303,6 +1304,44 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
 	return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ctx, attr, in, mem_ctx, out);
 }
 
+static WERROR _dsdb_syntax_OID_validate_numericoid(const struct dsdb_syntax_ctx *ctx,
+						   const struct dsdb_attribute *attr,
+						   const struct ldb_message_element *in)
+{
+	unsigned int i;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(ctx->ldb);
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
+
+	for (i=0; i < in->num_values; i++) {
+		DATA_BLOB blob;
+		const char *oid_out;
+		const char *oid = (const char*)in->values[i].data;
+
+		if (!ber_write_OID_String(tmp_ctx, &blob, oid)) {
+			DEBUG(0,("ber_write_OID_String() failed for %s\n", oid));
+			talloc_free(tmp_ctx);
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (!ber_read_OID_String(tmp_ctx, blob, &oid_out)) {
+			DEBUG(0,("ber_read_OID_String() failed for %s\n",
+				 hex_encode_talloc(tmp_ctx, blob.data, blob.length)));
+			talloc_free(tmp_ctx);
+			return WERR_INVALID_PARAMETER;
+		}
+
+		if (strcmp(oid, oid_out) != 0) {
+			talloc_free(tmp_ctx);
+			return WERR_INVALID_PARAMETER;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return WERR_OK;
+}
+
 static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
 					   const struct dsdb_attribute *attr,
 					   const struct ldb_message_element *in)
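Review bot: In `_dsdb_syntax_OID_validate_numericoid()` the value is cast to `const char *` and handled as a C string without consulting `in->values[i].length`, so a value with an embedded NUL is validated only up to that NUL while its trailing bytes pass unchecked. A guard before the `ber_write_OID_String()` call would tie the check to the stored length: `if (oid == NULL || strlen(oid) != in->values[i].length) { talloc_free(tmp_ctx); return WERR_INVALID_PARAMETER; }`. This assumes ldb keeps a terminating NUL after `length` bytes, which is not visible here and should be confirmed. Separately, the two `DEBUG(0, ...)` calls print caller-supplied data at the highest-priority log level, which lets a client that keeps submitting bad OIDs flood the log; a higher debug level would be more proportionate. The final `strcmp()` mismatch branch returns without logging anything, unlike the two branches before it.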
@@ -1316,14 +1355,19 @@ static WERROR dsdb_syntax_OID_validate_ldb(const struct dsdb_syntax_ctx *ctx,
 		return WERR_FOOBAR;
 	}
 
+	switch (attr->attributeID_id) {
+	case DRSUAPI_ATTRIBUTE_governsID:
+	case DRSUAPI_ATTRIBUTE_attributeID:
+	case DRSUAPI_ATTRIBUTE_attributeSyntax:
+		return _dsdb_syntax_OID_validate_numericoid(ctx, attr, in);
+	}
+
 	/*
 	 * TODO: optimize and verify this code
 	 */
 
 	tmp_ctx = talloc_new(ctx->ldb);
-	if (tmp_ctx == NULL) {
-		return WERR_NOMEM;
-	}
+	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
 
 	status = dsdb_syntax_OID_ldb_to_drsuapi(ctx,
 						attr,
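Review bot: The new `switch` on `attr->attributeID_id` carries no comment explaining why these three attributes bypass the prefixMap-based path below, although the commit message names a real hazard, namely that the lookup adds the OID to the prefixMap and corrupted it in LDB. A comment at the switch would keep that reasoning next to the code, for example `/* numericoid values may not be in the prefixMap yet; validate them syntactically so the lookup below cannot add them as a side effect */`. Adding `default: break;` would also make the fall-through to the generic path explicit. The body of dsdb_syntax_OID_validate_ldb() continues past the end of this hunk.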


-- 
Samba Shared Repository

