[PATCH] ITS#9404 fix serialNumberAndIssuerCheck
authorHoward Chu <hyc@openldap.org>
Mon, 23 Nov 2020 17:14:00 +0000 (17:14 +0000)
committerRyan Tandy <ryan@nardis.ca>
Sun, 14 Feb 2021 18:32:34 +0000 (18:32 +0000)
Tighten validity checks

Gbp-Pq: Name ITS-9404-fix-serialNumberAndIssuerCheck.patch

servers/slapd/schema_init.c

index d6a54ad0b676e3388ab9947aa62818d7fafdb686..8e4b4bcc1382dc605e6070ff716e5ad0c1b01e9d 100644 (file)
@@ -3189,7 +3189,7 @@ serialNumberAndIssuerCheck(
 
        if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
 
-       if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
+       if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) {
                /* Parse old format */
                is->bv_val = ber_bvchr( in, '$' );
                if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX;
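Review bot: The new `||` condition sends a value that carries only one of the two braces into the old-format parser instead of rejecting it here, and nothing in the comment records that this is intended. Whether such input is then refused depends on the old-format checks that follow, which lie outside this hunk, so that is worth confirming. I would extend the existing comment to something like `/* Not fully brace-delimited: parse old "serial$issuer" format; stray braces must be rejected below */`. The body of serialNumberAndIssuerCheck starts and ends outside the hunk.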
@@ -3220,7 +3220,7 @@ serialNumberAndIssuerCheck(
                        HAVE_ALL = ( HAVE_ISSUER | HAVE_SN )
                } have = HAVE_NONE;
 
-               int numdquotes = 0;
+               int numdquotes = 0, gotquote;
                struct berval x = *in;
                struct berval ni;
                x.bv_val++;
@@ -3262,11 +3262,12 @@ serialNumberAndIssuerCheck(
                                is->bv_val = x.bv_val;
                                is->bv_len = 0;
 
-                               for ( ; is->bv_len < x.bv_len; ) {
+                               for ( gotquote=0; is->bv_len < x.bv_len; ) {
                                        if ( is->bv_val[is->bv_len] != '"' ) {
                                                is->bv_len++;
                                                continue;
                                        }
+                                       gotquote = 1;
                                        if ( is->bv_val[is->bv_len+1] == '"' ) {
                                                /* double dquote */
                                                numdquotes++;
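Review bot: `gotquote = 1` is set for any `"` seen, including the first half of an escaped `""` pair, so it does not prove that a terminating quote was found. If the issuer value ends in an escaped pair, the loop presumably leaves through its condition with `is->bv_len >= x.bv_len` (the branch's advance lies between this hunk and the next), the `!gotquote` check added in the next hunk passes, and `x.bv_len -= is->bv_len + 1` would wrap the unsigned length. Testing the exit condition directly covers both the no-quote and the escaped-only case: `if ( is->bv_len >= x.bv_len ) return LDAP_INVALID_SYNTAX;`. The lookahead `is->bv_val[is->bv_len+1]` is also not bounded against `x.bv_len` and appears to rely on the closing brace still being in the buffer, which deserves a comment.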
@@ -3275,6 +3276,8 @@ serialNumberAndIssuerCheck(
                                        }
                                        break;
                                }
+                               if ( !gotquote ) return LDAP_INVALID_SYNTAX;
+
                                x.bv_val += is->bv_len + 1;
                                x.bv_len -= is->bv_len + 1;