[exim-cvs] LDAP: fix taint-check in server list walk. Bug 2…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] LDAP: fix taint-check in server list walk. Bug 2646
Gitweb: https://git.exim.org/exim.git/commitdiff/51b611aa81d7ee01243b196abc34a0e2eabd293c
Commit:     51b611aa81d7ee01243b196abc34a0e2eabd293c
Parent:     61eac6b579e27f3959c7048a17ac5a36b0c32002
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Oct 30 12:46:05 2020 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Oct 30 12:46:05 2020 +0000


    LDAP: fix taint-check in server list walk.  Bug 2646
---
 doc/doc-txt/ChangeLog  |  7 ++++++-
 src/src/lookups/ldap.c | 14 ++++++--------
 test/confs/9001        |  2 +-
 3 files changed, 13 insertions(+), 10 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1ce732f..9592181 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -121,10 +121,15 @@ PP/01 Fix default prime selection to be consistent.
       execution flows will use the same DH primes (currently
       exim.dev.20160529.3).


-JH/25 OpenSSL: Fix back-compatibiility behaviour surrounding tls_certificates
+JH/25 OpenSSL: Fix back-compatibility behaviour surrounding tls_certificates
       option in smtp transport, to match the documentation.  Previously
       verification was not being done in some cases where it should have been.


+JH/26 Bug 2646: fix a memory usage issue in ldap lookups.  Previously, when more
+      than one server was defined and depending on the platform memory layout
+      details, an internal consistency trap could be hit while walking the list
+      of servers.
+


Exim version 4.94
-----------------
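Review bot: The JH/26 entry describes the problem only as "a memory usage issue" and "an internal consistency trap", while the commit subject calls it a taint-check fix; naming the taint check in the entry would let an administrator who hit the trap match it to this fix. The spelling correction to JH/25 in the same hunk is unrelated to Bug 2646 and would be easier to track as a separate commit.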
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index e2dbe51..1674c9f 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1091,9 +1091,7 @@ const uschar *p;
uschar *user = NULL;
uschar *password = NULL;
uschar *local_servers = NULL;
-uschar *server;
const uschar *list;
-uschar buffer[512];

while (isspace(*url)) url++;

@@ -1251,13 +1249,13 @@ if (!eldap_default_servers && !local_servers  || p[3] != '/')
     &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
     referrals);


-/* Loop through the default servers until OK or FAIL. Use local_servers list
- * if defined in the lookup, otherwise use the global default list */
-list = !local_servers ? eldap_default_servers : local_servers;
-while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
+/* Loop through the servers until OK or FAIL. Use local_servers list
+if defined in the lookup, otherwise use the global default list */
+
+list = local_servers ? local_servers : eldap_default_servers;
+for (uschar * server; server = string_nextinlist(&list, &sep, NULL, 0); )
   {
-  int rc;
-  int port = 0;
+  int rc, port = 0;
   uschar *colon = Ustrchr(server, ':');
   if (colon)
     {
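Review bot: In the new loop header, `for (uschar * server; server = string_nextinlist(&list, &sep, NULL, 0); )`, the assignment serves as the loop condition without the extra parentheses that the removed `while ((server = ...))` had, so compilers that warn on an assignment used as a condition will flag it; wrapping it as `(server = string_nextinlist(&list, &sep, NULL, 0))` keeps the intent explicit. The rewritten comment could also state why the fixed `buffer[512]` was dropped in favour of passing `NULL, 0`, since that replacement is the substance of the change and nothing in the code explains it.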
diff --git a/test/confs/9001 b/test/confs/9001
index a1f4ba3..ba5a168 100644
--- a/test/confs/9001
+++ b/test/confs/9001
@@ -18,7 +18,7 @@ r0:


 r1:
   driver = redirect
-  data = ${lookup ldap user="cn=xxx,o=yyy,c=UK" pass="secret" \
+  data = ${lookup ldap {USER="cn=xxx,o=yyy,c=UK" PASS="secret" \
          ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}}
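Review bot: The commit message gives no reason for the `r1` lookup changing from `user=`/`pass=` to `{USER=`/`PASS=`, and the relation to the server list walk is not evident from this hunk; a line in the message would help a later reader. The ChangeLog says the trap needed more than one server defined, so a regression case that configures at least two servers would be worth adding if this test does not already cover that.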