--- libraries/liblber/decode.c 2007/03/23 14:27:38 1.108
+++ libraries/liblber/decode.c 2007/08/24 19:58:20 1.111
@@ -1,5 +1,5 @@
/* decode.c - ber input decoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.107 2007/03/20 14:10:16 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.110 2007/07/23 10:57:23 hallvard Exp $ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1998-2007 The OpenLDAP Foundation.
@@ -49,32 +49,44 @@ static ber_len_t ber_getnint LDAP_P((
int
ber_decode_oid( BerValue *in, BerValue *out )
{
- unsigned char *der = in->bv_val;
- unsigned long val, val1;
- int i, len;
+ const unsigned char *der;
+ unsigned long val;
+ unsigned val1;
+ ber_len_t i;
char *ptr;
assert( in != NULL );
assert( out != NULL );
- /* expands by 5/2, and we add dots - call it 3 */
- if ( !out->bv_val || out->bv_len < in->bv_len * 3 )
+ /* need 4 chars/inbyte + \0 for input={7f 7f 7f...} */
+ if ( !out->bv_val || (out->bv_len+3)/4 <= in->bv_len )
return -1;
- val1 = der[0] / 40;
- val = der[0] - val1 * 40;
-
- len = sprintf( out->bv_val, "%ld.%ld", val1, val );
- ptr = out->bv_val + len;
+ ptr = NULL;
+ der = (unsigned char *) in->bv_val;
val = 0;
- for ( i=1; ibv_len; i++ ) {
- val = val << 7;
+ for ( i=0; i < in->bv_len; i++ ) {
val |= der[i] & 0x7f;
if ( !( der[i] & 0x80 )) {
- ptr += sprintf( ptr, ".%ld", val );
+ if ( ptr == NULL ) {
+ /* Initial "x.y": val=x*40+y, x<=2, y<40 if x=2 */
+ ptr = out->bv_val;
+ val1 = (val < 80 ? val/40 : 2);
+ val -= val1*40;
+ ptr += sprintf( ptr, "%u", val1 );
+ }
+ ptr += sprintf( ptr, ".%lu", val );
val = 0;
+ } else if ( val - 1UL < LBER_OID_COMPONENT_MAX >> 7 ) {
+ val <<= 7;
+ } else {
+ /* val would overflow, or is 0 from invalid initial 0x80 octet */
+ return -1;
}
}
+ if ( ptr == NULL || val != 0 )
+ return -1;
+
out->bv_len = ptr - out->bv_val;
return 0;
}
@@ -407,7 +419,7 @@ ber_get_stringbvl( bgbvr *b, ber_len_t *
case BvOff:
*b->res.ba = ber_memalloc_x( (n+1) * b->siz, b->ber->ber_memctx );
if ( *b->res.ba == NULL ) return LBER_DEFAULT;
- ((struct berval *)((long)(*b->res.ba) + n*b->siz +
+ ((struct berval *)((char *)(*b->res.ba) + n*b->siz +
b->off))->bv_val = NULL;
break;
}
@@ -440,7 +452,7 @@ ber_get_stringbvl( bgbvr *b, ber_len_t *
*bvp = bv;
break;
case BvOff:
- *(BerVarray)((long)(*b->res.ba)+n*b->siz+b->off) = bv;
+ *(BerVarray)((char *)(*b->res.ba)+n*b->siz+b->off) = bv;
break;
}
}