[PATCH] make fetch_ldap_pw robust
Jeremy Allison
jra at samba.org
Fri Apr 21 17:22:06 UTC 2017
On Fri, Apr 21, 2017 at 04:09:54PM +0200, vl--- via samba-technical wrote:
> Hi!
>
> Review appreciated!
Oh, I really like the storehex command. We've needed that
for a while - thanks !
> From 6452825815e52ab18522d0a4f3c3ba676405ec88 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Fri, 21 Apr 2017 13:05:12 +0200
> Subject: [PATCH 1/2] secrets: Protect against a non-0-terminated ldap password
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/passdb/secrets.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
> index 4372c63..0ddee99 100644
> --- a/source3/passdb/secrets.c
> +++ b/source3/passdb/secrets.c
> @@ -316,6 +316,13 @@ bool fetch_ldap_pw(char **dn, char** pw)
> *pw=(char *)secrets_fetch(key, &size);
> SAFE_FREE(key);
>
> + if ((size != 0) && ((*pw)[size-1] != '\0')) {
> + DBG_ERR("Non 0-terminated password for dn %s\n", *dn);
> + SAFE_FREE(*pw);
> + SAFE_FREE(*dn);
> + return false;
> + }
> +
> if (!size) {
> /* Upgrade 2.2 style entry */
> char *p;
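Review bot: The new guard dereferences `(*pw)[size-1]` whenever `size` is non-zero but never checks that `secrets_fetch()` actually returned a buffer; if a failed fetch can leave `size` untouched (not visible here), this is a NULL dereference, so the condition is safer as `if ((*pw != NULL) && (size != 0) && ((*pw)[size-1] != '\0'))` or with an explicit `*pw == NULL` check first. On the rejection path the buffer is released with a plain `SAFE_FREE(*pw)` even though it holds (at least part of) the LDAP bind password; if the rest of secrets.c scrubs secret material before freeing, the same should be done here, e.g. `memset_s`-style zeroing of `size` bytes before the free. The log line prints only the DN, which is the right choice, but a short comment such as `/* Reject a stored value without a NUL terminator so callers can treat *pw as a C string. */` would make the intent of the check clear to the next reader. `fetch_ldap_pw` begins and ends outside this hunk, so the earlier fetch of `*dn` and the later 2.2-upgrade path could not be checked against this new early return.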
> --
> 1.9.1
>
>
> From 3e5caed57f2c5dc89f20aee6d605cf0409760500 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Fri, 21 Apr 2017 14:10:33 +0200
> Subject: [PATCH 2/2] tdbtool: Add "storehex" command
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> lib/tdb/man/tdbtool.8.xml | 10 ++++++
> lib/tdb/tools/tdbtool.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 97 insertions(+)
>
> diff --git a/lib/tdb/man/tdbtool.8.xml b/lib/tdb/man/tdbtool.8.xml
> index 9a9b95e..045cbde 100644
> --- a/lib/tdb/man/tdbtool.8.xml
> +++ b/lib/tdb/man/tdbtool.8.xml
> @@ -160,6 +160,16 @@
> </varlistentry>
>
> <varlistentry>
> + <term><option>storehex</option>
> + <replaceable>KEY</replaceable>
> + <replaceable>DATA</replaceable>
> + </term>
> + <listitem><para>Store (replace) a record in the
> + current database where key and data are in hex format.
> + </para></listitem>
> + </varlistentry>
> +
> + <varlistentry>
> <term><option>show</option>
> <replaceable>KEY</replaceable>
> </term>
> diff --git a/lib/tdb/tools/tdbtool.c b/lib/tdb/tools/tdbtool.c
> index beb3af1..e3535b9 100644
> --- a/lib/tdb/tools/tdbtool.c
> +++ b/lib/tdb/tools/tdbtool.c
> @@ -48,6 +48,7 @@ enum commands {
> CMD_DUMP,
> CMD_INSERT,
> CMD_MOVE,
> + CMD_STOREHEX,
> CMD_STORE,
> CMD_SHOW,
> CMD_KEYS,
> @@ -83,6 +84,7 @@ COMMAND_TABLE cmd_table[] = {
> {"dump", CMD_DUMP},
> {"insert", CMD_INSERT},
> {"move", CMD_MOVE},
> + {"storehex", CMD_STOREHEX},
> {"store", CMD_STORE},
> {"show", CMD_SHOW},
> {"keys", CMD_KEYS},
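Review bot: The new `{"storehex", CMD_STOREHEX}` entry is deliberately placed ahead of `{"store", CMD_STORE}`, which only matters if the lookup over `cmd_table` (not visible in this hunk) matches by prefix; if so, that ordering is load-bearing and should be stated, e.g. `/* must precede "store": commands are matched by prefix */`, so a later alphabetical reordering does not silently route "storehex" to the plain store command. If the lookup is an exact-match `strcmp`, the comment can instead say the order is not significant.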
> @@ -229,6 +231,7 @@ static void help(void)
> " info : print summary info about the database\n"
> " insert key data : insert a record\n"
> " move key file : move a record to a destination tdb\n"
> +" storehex key data : store a record (replace), key/value in hex format\n"
> " store key data : store a record (replace)\n"
> " show key : show a record by key\n"
> " delete key : delete a record by key\n"
> @@ -346,6 +349,86 @@ static void store_tdb(char *keyname, size_t keylen, char* data, size_t datalen)
> }
> }
>
> +static bool hexchar(char c, uint8_t *v)
> +{
> + if ((c >= '0') && (c <= '9')) {
> + *v = (c - '0');
> + return true;
> + }
> + if ((c >= 'A') && (c <= 'F')) {
> + *v = (c - 'A' + 10);
> + return true;
> + }
> + if ((c >= 'a') && (c <= 'f')) {
> + *v = (c - 'a' + 10);
> + return true;
> + }
> + return false;
> +}
> +
> +static bool parse_hex(const char *src, size_t srclen, uint8_t *dst)
> +{
> + size_t i=0;
> +
> + if ((srclen % 2) != 0) {
> + return false;
> + }
> +
> + while (i<srclen) {
> + bool ok;
> + uint8_t hi,lo;
> +
> + ok = (hexchar(src[i++], &hi) && hexchar(src[i++], &lo));
> + if (!ok) {
> + return false;
> + }
> + *dst = (hi<<4)|lo;
> + dst += 1;
> + }
> +
> + return true;
> +}
> +
> +static void store_hex_tdb(char *keystr, size_t keylen,
> + char *datastr, size_t datalen)
> +{
> + if ((keystr == NULL) || (keylen == 0)) {
> + terror("need key");
> + return;
> + }
> + if ((datastr == NULL) || (datalen == 0)) {
> + terror("need data");
> + return;
> + }
> +
> + {
> + uint8_t keybuf[keylen/2];
> + TDB_DATA key = { .dptr = keybuf, .dsize = sizeof(keybuf) };
> + uint8_t databuf[datalen/2];
> + TDB_DATA data = { .dptr = databuf, .dsize = sizeof(databuf) };
> + bool ok;
> +
> + ok = parse_hex(keystr, keylen, keybuf);
> + if (!ok) {
> + terror("need hex key");
> + return;
> + }
> + ok = parse_hex(datastr, datalen, databuf);
> + if (!ok) {
> + terror("need hex data");
> + return;
> + }
> +
> + printf("storing key/data:\n");
> + print_data((char *)key.dptr, key.dsize);
> + print_data((char *)data.dptr, data.dsize);
> +
> + if (tdb_store(tdb, key, data, TDB_REPLACE) != 0) {
> + terror("store failed");
> + }
> + }
> +}
> +
> static void show_tdb(char *keyname, size_t keylen)
> {
> TDB_DATA key, dbuf;
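Review bot: In `store_hex_tdb` the VLAs `uint8_t keybuf[keylen/2]` and `uint8_t databuf[datalen/2]` are declared before `parse_hex()` rejects odd-length input, so a one-character key or value (`keylen == 1`) yields a zero-length VLA, which is undefined behaviour in C, before the parity error is ever reported; hoisting the parity check above the declarations, e.g. `if ((keylen % 2) != 0 || (datalen % 2) != 0) { terror("need even-length hex key/data"); return; }`, closes that gap. Sizing both arrays from the caller-supplied argument lengths also means a very long hex string grows the stack unboundedly; whether that is reachable depends on how `do_command` bounds its input line (not visible here), and a `malloc`'d buffer freed on all paths would avoid the question entirely. `parse_hex` itself is fine: the `&&` between the two `hexchar()` calls sequences the two `i++` increments, and a failed first nibble short-circuits before the second one is read.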
> @@ -693,6 +776,10 @@ static int do_command(void)
> bIterate = 0;
> store_tdb(arg1,arg1len,arg2,arg2len);
> return 0;
> + case CMD_STOREHEX:
> + bIterate = 0;
> + store_hex_tdb(arg1,arg1len,arg2,arg2len);
> + return 0;
> case CMD_SHOW:
> bIterate = 0;
> show_tdb(arg1, arg1len);
> --
> 1.9.1
>