9397
|
1 |
--- libraries/liblber/io.c 2003/01/23 14:17:29 1.1
|
|
2 |
+++ libraries/liblber/io.c 2003/01/23 14:19:27
|
|
3 |
@@ -475,16 +475,14 @@
|
|
4 |
|
|
5 |
while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
|
|
6 |
(char *)(&ber->ber_usertag + 1)) {
|
|
7 |
- ber_slen_t i;
|
|
8 |
+ ber_slen_t sblen;
|
|
9 |
char buf[sizeof(ber->ber_len)-1];
|
|
10 |
ber_len_t tlen = 0;
|
|
11 |
|
|
12 |
- if ((i=ber_int_sb_read( sb, ber->ber_rwptr,
|
|
13 |
- (char *)(&ber->ber_usertag+1)-ber->ber_rwptr))<=0) {
|
|
14 |
- return LBER_DEFAULT;
|
|
15 |
- }
|
|
16 |
-
|
|
17 |
- ber->ber_rwptr += i;
|
|
18 |
+ sblen=ber_int_sb_read( sb, ber->ber_rwptr,
|
|
19 |
+ (char *)(&ber->ber_usertag+1)-ber->ber_rwptr);
|
|
20 |
+ if (sblen<=0) return LBER_DEFAULT;
|
|
21 |
+ ber->ber_rwptr += sblen;
|
|
22 |
|
|
23 |
/* We got at least one byte, try to parse the tag. */
|
|
24 |
if (ber->ber_ptr == (char *)&ber->ber_len-1) {
|
|
25 |
@@ -492,6 +490,7 @@
|
|
26 |
unsigned char *p = (unsigned char *)ber->ber_ptr;
|
|
27 |
tag = *p++;
|
|
28 |
if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) {
|
|
29 |
+ ber_len_t i;
|
|
30 |
for (i=1; (char *)p<ber->ber_rwptr; i++,p++) {
|
|
31 |
tag <<= 8;
|
|
32 |
tag |= *p;
|
|
33 |
@@ -511,12 +510,14 @@
|
|
34 |
}
|
|
35 |
ber->ber_tag = tag;
|
|
36 |
ber->ber_ptr = (char *)p;
|
|
37 |
+
|
|
38 |
+ if (sblen == 1) continue;
|
|
39 |
}
|
|
40 |
|
|
41 |
- if (i == 1) continue;
|
|
42 |
|
|
43 |
/* Now look for the length */
|
|
44 |
if (*ber->ber_ptr & 0x80) { /* multi-byte */
|
|
45 |
+ ber_len_t i;
|
|
46 |
int llen = *(unsigned char *)ber->ber_ptr++ & 0x7f;
|
|
47 |
if (llen > (int)sizeof(ber_len_t)) {
|
|
48 |
errno = ERANGE;
|
|
49 |
@@ -526,23 +527,27 @@
|
|
50 |
if (ber->ber_rwptr - ber->ber_ptr < llen) {
|
|
51 |
return LBER_DEFAULT;
|
|
52 |
}
|
|
53 |
- for (i=0; i<llen && ber->ber_ptr<ber->ber_rwptr; i++,ber->ber_ptr++) {
|
|
54 |
+ for (i=0;
|
|
55 |
+ i<llen && ber->ber_ptr<ber->ber_rwptr;
|
|
56 |
+ i++,ber->ber_ptr++)
|
|
57 |
+ {
|
|
58 |
tlen <<=8;
|
|
59 |
tlen |= *(unsigned char *)ber->ber_ptr;
|
|
60 |
}
|
|
61 |
} else {
|
|
62 |
tlen = *(unsigned char *)ber->ber_ptr++;
|
|
63 |
}
|
|
64 |
+
|
|
65 |
/* Are there leftover data bytes inside ber->ber_len? */
|
|
66 |
if (ber->ber_ptr < (char *)&ber->ber_usertag) {
|
|
67 |
if (ber->ber_rwptr < (char *)&ber->ber_usertag)
|
|
68 |
- i = ber->ber_rwptr - ber->ber_ptr;
|
|
69 |
+ sblen = ber->ber_rwptr - ber->ber_ptr;
|
|
70 |
else
|
|
71 |
- i = (char *)&ber->ber_usertag - ber->ber_ptr;
|
|
72 |
- AC_MEMCPY(buf, ber->ber_ptr, i);
|
|
73 |
- ber->ber_ptr += i;
|
|
74 |
+ sblen = (char *)&ber->ber_usertag - ber->ber_ptr;
|
|
75 |
+ AC_MEMCPY(buf, ber->ber_ptr, sblen);
|
|
76 |
+ ber->ber_ptr += sblen;
|
|
77 |
} else {
|
|
78 |
- i = 0;
|
|
79 |
+ sblen = 0;
|
|
80 |
}
|
|
81 |
ber->ber_len = tlen;
|
|
82 |
|
|
83 |
@@ -552,7 +557,9 @@
|
|
84 |
if ( ber->ber_len == 0 ) {
|
|
85 |
errno = ERANGE;
|
|
86 |
return LBER_DEFAULT;
|
|
87 |
- } else if ( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ) {
|
|
88 |
+ }
|
|
89 |
+
|
|
90 |
+ if ( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ) {
|
|
91 |
#ifdef NEW_LOGGING
|
|
92 |
LDAP_LOG( BER, ERR,
|
|
93 |
"ber_get_next: sockbuf_max_incoming limit hit "
|
|
94 |
@@ -572,7 +579,7 @@
|
|
95 |
* make sure ber->ber_len agrees with what we've
|
|
96 |
* already read.
|
|
97 |
*/
|
|
98 |
- if ( ber->ber_len < i + l ) {
|
|
99 |
+ if ( ber->ber_len < sblen + l ) {
|
|
100 |
errno = ERANGE;
|
|
101 |
return LBER_DEFAULT;
|
|
102 |
}
|
|
103 |
@@ -581,19 +588,19 @@
|
|
104 |
return LBER_DEFAULT;
|
|
105 |
}
|
|
106 |
ber->ber_end = ber->ber_buf + ber->ber_len;
|
|
107 |
- if (i) {
|
|
108 |
- AC_MEMCPY(ber->ber_buf, buf, i);
|
|
109 |
+ if (sblen) {
|
|
110 |
+ AC_MEMCPY(ber->ber_buf, buf, sblen);
|
|
111 |
}
|
|
112 |
if (l > 0) {
|
|
113 |
- AC_MEMCPY(ber->ber_buf + i, ber->ber_ptr, l);
|
|
114 |
- i += l;
|
|
115 |
+ AC_MEMCPY(ber->ber_buf + sblen, ber->ber_ptr, l);
|
|
116 |
+ sblen += l;
|
|
117 |
}
|
|
118 |
ber->ber_ptr = ber->ber_buf;
|
|
119 |
ber->ber_usertag = 0;
|
|
120 |
- if ((ber_len_t)i == ber->ber_len) {
|
|
121 |
+ if ((ber_len_t)sblen == ber->ber_len) {
|
|
122 |
goto done;
|
|
123 |
}
|
|
124 |
- ber->ber_rwptr = ber->ber_buf + i;
|
|
125 |
+ ber->ber_rwptr = ber->ber_buf + sblen;
|
|
126 |
}
|
|
127 |
}
|
|
128 |
|
|
129 |
@@ -605,8 +612,7 @@
|
|
130 |
assert( to_go > 0 );
|
|
131 |
|
|
132 |
res = ber_int_sb_read( sb, ber->ber_rwptr, to_go );
|
|
133 |
- if (res<=0)
|
|
134 |
- return LBER_DEFAULT;
|
|
135 |
+ if (res<=0) return LBER_DEFAULT;
|
|
136 |
ber->ber_rwptr+=res;
|
|
137 |
|
|
138 |
if (res<to_go) {
|
|
139 |
--- libraries/liblber/decode.c 2003/01/23 14:17:37 1.1
|
|
140 |
+++ libraries/liblber/decode.c 2003/01/23 14:17:43
|
|
141 |
@@ -603,7 +603,7 @@
|
|
142 |
|
|
143 |
assert( LBER_VALID( ber ) );
|
|
144 |
|
|
145 |
- if ( ber->ber_ptr == last ) {
|
|
146 |
+ if ( ber->ber_ptr >= last ) {
|
|
147 |
return LBER_DEFAULT;
|
|
148 |
}
|
|
149 |
|