fix parsing logic of ldap.conf file (#1033662)

Petr Lautrbach 2013-11-26 11:10:04 +01:00
parent 8f439b3006
commit 36a09e37e8


@ -759,10 +759,9 @@ diff -up openssh-6.2p1/ldapbody.h.ldap openssh-6.2p1/ldapbody.h
+ +
+#endif /* LDAPBODY_H */ +#endif /* LDAPBODY_H */
+ +
diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c --- openssh-6.4p1/ldapconf.c.ldap 2013-11-26 10:31:03.513794385 +0100
--- openssh-6.2p2/ldapconf.c.ldap 2013-06-07 15:10:05.601942693 +0200 +++ openssh-6.4p1/ldapconf.c 2013-11-26 10:38:15.474635149 +0100
+++ openssh-6.2p2/ldapconf.c 2013-06-07 15:10:24.928857566 +0200 @@ -0,0 +1,720 @@
@@ -0,0 +1,691 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved. + * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
@ -886,6 +885,35 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ return lBadOption; + return lBadOption;
+} +}
+ +
+/* Characters considered whitespace in strsep calls. */
+#define WHITESPACE " \t\r\n"
+
+/* return next token in configuration line */
+static char *
+ldap_strdelim(char **s)
+{
+ char *old;
+ int wspace = 0;
+
+ if (*s == NULL)
+ return NULL;
+
+ old = *s;
+
+ *s = strpbrk(*s, WHITESPACE);
+ if (*s == NULL)
+ return (old);
+
+ *s[0] = '\0';
+
+ /* Skip any extra whitespace after first token */
+ *s += strspn(*s + 1, WHITESPACE) + 1;
+ if (*s[0] == '=' && !wspace)
+ *s += strspn(*s + 1, WHITESPACE) + 1;
+
+ return (old);
+}
+
+/* +/*
+ * Processes a single option line as used in the configuration files. This + * Processes a single option line as used in the configuration files. This
+ * only sets those values that have not already been set. + * only sets those values that have not already been set.
@ -909,11 +937,11 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ +
+ s = line; + s = line;
+ /* Get the keyword. (Each line is supposed to begin with a keyword). */ + /* Get the keyword. (Each line is supposed to begin with a keyword). */
+ if ((keyword = strdelim(&s)) == NULL) + if ((keyword = ldap_strdelim(&s)) == NULL)
+ return 0; + return 0;
+ /* Ignore leading whitespace. */ + /* Ignore leading whitespace. */
+ if (*keyword == '\0') + if (*keyword == '\0')
+ keyword = strdelim(&s); + keyword = ldap_strdelim(&s);
+ if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#') + if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
+ return 0; + return 0;
+ +
@ -949,7 +977,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lBindPW: + case lBindPW:
+ charptr = &options.bindpw; + charptr = &options.bindpw;
+parse_string: +parse_string:
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum); + fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (*charptr == NULL) + if (*charptr == NULL)
@ -962,7 +990,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ +
+ case lScope: + case lScope:
+ intptr = &options.scope; + intptr = &options.scope;
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing sub/one/base argument.", filename, linenum); + fatal("%.200s line %d: Missing sub/one/base argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */ + value = 0; /* To avoid compiler warning... */
@ -980,7 +1008,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ +
+ case lDeref: + case lDeref:
+ intptr = &options.scope; + intptr = &options.scope;
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing never/searching/finding/always argument.", filename, linenum); + fatal("%.200s line %d: Missing never/searching/finding/always argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */ + value = 0; /* To avoid compiler warning... */
@ -1001,7 +1029,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lPort: + case lPort:
+ intptr = &options.port; + intptr = &options.port;
+parse_int: +parse_int:
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum); + fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (arg[0] < '0' || arg[0] > '9') + if (arg[0] < '0' || arg[0] > '9')
@ -1018,7 +1046,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lTimeLimit: + case lTimeLimit:
+ intptr = &options.timelimit; + intptr = &options.timelimit;
+parse_time: +parse_time:
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%s line %d: missing time value.", + fatal("%s line %d: missing time value.",
+ filename, linenum); + filename, linenum);
@ -1039,7 +1067,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ +
+ case lBind_Policy: + case lBind_Policy:
+ intptr = &options.bind_policy; + intptr = &options.bind_policy;
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing soft/hard argument.", filename, linenum); + fatal("%.200s line %d: Missing soft/hard argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */ + value = 0; /* To avoid compiler warning... */
@ -1058,7 +1086,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ +
+ case lSSL: + case lSSL:
+ intptr = &options.ssl; + intptr = &options.ssl;
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing yes/no/start_tls argument.", filename, linenum); + fatal("%.200s line %d: Missing yes/no/start_tls argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */ + value = 0; /* To avoid compiler warning... */
@ -1077,7 +1105,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ case lReferrals: + case lReferrals:
+ intptr = &options.referrals; + intptr = &options.referrals;
+parse_flag: +parse_flag:
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); + fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */ + value = 0; /* To avoid compiler warning... */
@ -1097,7 +1125,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ +
+ case lTLS_CheckPeer: + case lTLS_CheckPeer:
+ intptr = &options.tls_checkpeer; + intptr = &options.tls_checkpeer;
+ arg = strdelim(&s); + arg = ldap_strdelim(&s);
+ if (!arg || *arg == '\0') + if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing never/hard/demand/alow/try argument.", filename, linenum); + fatal("%.200s line %d: Missing never/hard/demand/alow/try argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */ + value = 0; /* To avoid compiler warning... */
@ -1171,7 +1199,7 @@ diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+ } + }
+ +
+ /* Check that there is no garbage at end of line. */ + /* Check that there is no garbage at end of line. */
+ if ((arg = strdelim(&s)) != NULL && *arg != '\0') { + if ((arg = ldap_strdelim(&s)) != NULL && *arg != '\0') {
+ fatal("%.200s line %d: garbage at end of line; \"%.200s\".", + fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
+ filename, linenum, arg); + filename, linenum, arg);
+ } + }
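Review bot: In the added `ldap_strdelim`, `wspace` is initialised to 0 and never written, so `*s[0] == '=' && !wspace` reduces to `*s[0] == '='` and a `=` that directly follows the whitespace delimiter is always consumed. That keeps `keyword = value` lines working, but a value token that itself begins with `=` (a `bindpw` secret, for instance) is silently shortened instead of being rejected. Drop the dead variable and state the rule in the header comment, e.g. `/* return next whitespace-delimited token; a '=' right after the delimiter is skipped as a separator */`. Separately, the unchanged context under `case lDeref:` still has `intptr = &options.scope;`, which looks like a copy-paste slip that would let a `deref` line write the search scope; the options struct and the assignment code are outside the visible hunks, so confirm against them.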