[PATCH] make fetch_ldap_pw robust
vl at samba.org
vl at samba.org
Fri Apr 21 14:09:54 UTC 2017
Hi!
Review appreciated!
Thanks, Volker
-------------- next part --------------
From 6452825815e52ab18522d0a4f3c3ba676405ec88 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Apr 2017 13:05:12 +0200
Subject: [PATCH 1/2] secrets: Protect against a non-0-terminated ldap password
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/secrets.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 4372c63..0ddee99 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -316,6 +316,13 @@ bool fetch_ldap_pw(char **dn, char** pw)
*pw=(char *)secrets_fetch(key, &size);
SAFE_FREE(key);
+ if ((size != 0) && ((*pw)[size-1] != '\0')) {
+ DBG_ERR("Non 0-terminated password for dn %s\n", *dn);
+ SAFE_FREE(*pw);
+ SAFE_FREE(*dn);
+ return false;
+ }
+
if (!size) {
/* Upgrade 2.2 style entry */
char *p;
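Review bot: The added check indexes `(*pw)[size-1]` without first testing `*pw`, so it is only safe if `size` is guaranteed to stay 0 whenever secrets_fetch() returns NULL. The declaration and initialisation of `size` sit above this hunk, so that cannot be confirmed from here. Making the dependency explicit costs nothing: `if ((*pw != NULL) && (size != 0) && ((*pw)[size-1] != '\0')) {`. A short comment such as `/* *pw is presumably used as a C string later, so an unterminated record is rejected */` would also record why a malformed secrets.tdb entry fails the fetch. fetch_ldap_pw starts and continues outside the hunk.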
--
1.9.1
From 3e5caed57f2c5dc89f20aee6d605cf0409760500 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Apr 2017 14:10:33 +0200
Subject: [PATCH 2/2] tdbtool: Add "storehex" command
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/tdb/man/tdbtool.8.xml | 10 ++++++
lib/tdb/tools/tdbtool.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 97 insertions(+)
diff --git a/lib/tdb/man/tdbtool.8.xml b/lib/tdb/man/tdbtool.8.xml
index 9a9b95e..045cbde 100644
--- a/lib/tdb/man/tdbtool.8.xml
+++ b/lib/tdb/man/tdbtool.8.xml
@@ -160,6 +160,16 @@
</varlistentry>
<varlistentry>
+ <term><option>storehex</option>
+ <replaceable>KEY</replaceable>
+ <replaceable>DATA</replaceable>
+ </term>
+ <listitem><para>Store (replace) a record in the
+ current database where key and data are in hex format.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>show</option>
<replaceable>KEY</replaceable>
</term>
diff --git a/lib/tdb/tools/tdbtool.c b/lib/tdb/tools/tdbtool.c
index beb3af1..e3535b9 100644
--- a/lib/tdb/tools/tdbtool.c
+++ b/lib/tdb/tools/tdbtool.c
@@ -48,6 +48,7 @@ enum commands {
CMD_DUMP,
CMD_INSERT,
CMD_MOVE,
+ CMD_STOREHEX,
CMD_STORE,
CMD_SHOW,
CMD_KEYS,
@@ -83,6 +84,7 @@ COMMAND_TABLE cmd_table[] = {
{"dump", CMD_DUMP},
{"insert", CMD_INSERT},
{"move", CMD_MOVE},
+ {"storehex", CMD_STOREHEX},
{"store", CMD_STORE},
{"show", CMD_SHOW},
{"keys", CMD_KEYS},
@@ -229,6 +231,7 @@ static void help(void)
" info : print summary info about the database\n"
" insert key data : insert a record\n"
" move key file : move a record to a destination tdb\n"
+" storehex key data : store a record (replace), key/value in hex format\n"
" store key data : store a record (replace)\n"
" show key : show a record by key\n"
" delete key : delete a record by key\n"
@@ -346,6 +349,86 @@ static void store_tdb(char *keyname, size_t keylen, char* data, size_t datalen)
}
}
+static bool hexchar(char c, uint8_t *v)
+{
+ if ((c >= '0') && (c <= '9')) {
+ *v = (c - '0');
+ return true;
+ }
+ if ((c >= 'A') && (c <= 'F')) {
+ *v = (c - 'A' + 10);
+ return true;
+ }
+ if ((c >= 'a') && (c <= 'f')) {
+ *v = (c - 'a' + 10);
+ return true;
+ }
+ return false;
+}
+
+static bool parse_hex(const char *src, size_t srclen, uint8_t *dst)
+{
+ size_t i=0;
+
+ if ((srclen % 2) != 0) {
+ return false;
+ }
+
+ while (i<srclen) {
+ bool ok;
+ uint8_t hi,lo;
+
+ ok = (hexchar(src[i++], &hi) && hexchar(src[i++], &lo));
+ if (!ok) {
+ return false;
+ }
+ *dst = (hi<<4)|lo;
+ dst += 1;
+ }
+
+ return true;
+}
+
+static void store_hex_tdb(char *keystr, size_t keylen,
+ char *datastr, size_t datalen)
+{
+ if ((keystr == NULL) || (keylen == 0)) {
+ terror("need key");
+ return;
+ }
+ if ((datastr == NULL) || (datalen == 0)) {
+ terror("need data");
+ return;
+ }
+
+ {
+ uint8_t keybuf[keylen/2];
+ TDB_DATA key = { .dptr = keybuf, .dsize = sizeof(keybuf) };
+ uint8_t databuf[datalen/2];
+ TDB_DATA data = { .dptr = databuf, .dsize = sizeof(databuf) };
+ bool ok;
+
+ ok = parse_hex(keystr, keylen, keybuf);
+ if (!ok) {
+ terror("need hex key");
+ return;
+ }
+ ok = parse_hex(datastr, datalen, databuf);
+ if (!ok) {
+ terror("need hex data");
+ return;
+ }
+
+ printf("storing key/data:\n");
+ print_data((char *)key.dptr, key.dsize);
+ print_data((char *)data.dptr, data.dsize);
+
+ if (tdb_store(tdb, key, data, TDB_REPLACE) != 0) {
+ terror("store failed");
+ }
+ }
+}
+
static void show_tdb(char *keyname, size_t keylen)
{
TDB_DATA key, dbuf;
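Review bot: In store_hex_tdb the VLAs `keybuf[keylen/2]` and `databuf[datalen/2]` are sized from the argument lengths before parse_hex() has rejected anything. A one-character key or data argument passes the `== 0` checks and declares a zero-length VLA, which is undefined behaviour in C. A very long argument also places an unbounded array on the stack. Checking for even length first and taking the buffers from the heap with a NULL check removes both problems. The sketch below keeps the existing messages and adds only an out-of-memory one.

```c
static void store_hex_tdb(char *keystr, size_t keylen,
	char *datastr, size_t datalen)
{
	uint8_t *keybuf = NULL;
	uint8_t *databuf = NULL;
	TDB_DATA key, data;

	/* … unchanged: NULL / zero-length checks for key and data … */

	/* Reject odd lengths before any buffer is sized from them. */
	if ((keylen % 2) != 0) {
		terror("need hex key");
		return;
	}
	if ((datalen % 2) != 0) {
		terror("need hex data");
		return;
	}

	keybuf = malloc(keylen / 2);
	databuf = malloc(datalen / 2);
	if ((keybuf == NULL) || (databuf == NULL)) {
		terror("out of memory");
		goto done;
	}

	if (!parse_hex(keystr, keylen, keybuf)) {
		terror("need hex key");
		goto done;
	}
	if (!parse_hex(datastr, datalen, databuf)) {
		terror("need hex data");
		goto done;
	}

	key = (TDB_DATA) { .dptr = keybuf, .dsize = keylen / 2 };
	data = (TDB_DATA) { .dptr = databuf, .dsize = datalen / 2 };

	/* … unchanged: print_data calls and tdb_store … */

done:
	free(databuf);
	free(keybuf);
}
```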
@@ -693,6 +776,10 @@ static int do_command(void)
bIterate = 0;
store_tdb(arg1,arg1len,arg2,arg2len);
return 0;
+ case CMD_STOREHEX:
+ bIterate = 0;
+ store_hex_tdb(arg1,arg1len,arg2,arg2len);
+ return 0;
case CMD_SHOW:
bIterate = 0;
show_tdb(arg1, arg1len);
--
1.9.1