--- libraries/liblber/decode.c 2001/12/04 05:14:16 1.65 +++ libraries/liblber/decode.c 2002/01/03 02:11:14 1.72 @@ -1,5 +1,5 @@ /* decode.c - ber input decoding routines */ -/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.64 2001/12/04 05:10:10 kurt Exp $ */ +/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.71 2002/01/03 01:53:41 hyc Exp $ */ /* * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file @@ -137,8 +137,13 @@ ber_skip_tag( BerElement *ber, ber_len_t *len = lc; } + /* BER length should be non-negative */ + if( *len < 0 ) { + return LBER_DEFAULT; + } + /* BER element should have enough data left */ - if( *len > ber_pvt_ber_remaining( ber ) ) { + if( *len > (ber_len_t) ber_pvt_ber_remaining( ber ) ) { return LBER_DEFAULT; } @@ -273,32 +278,126 @@ ber_get_stringb( return tag; } +enum bgbvc { ChArray, BvArray, BvVec }; + +typedef struct bgbvr { + BerElement *ber; + enum bgbvc choice; + ber_tag_t tag; + ber_len_t len; + char *last; + union { + char ***c; + BVarray *ba; + struct berval ***bv; + } res; +} bgbvr; + +ber_tag_t +ber_get_stringbvr( bgbvr *b, int n ) +{ + struct berval bv, *bvp = NULL; + + if ( n ) + b->tag = ber_next_element( b->ber, &b->len, b->last ); + else + b->tag = ber_first_element( b->ber, &b->len, &b->last ); + + if ( b->tag == LBER_DEFAULT ) + { + if ( n == 0 ) { + *b->res.c = NULL; + return 0; + } + /* do the allocation */ + switch (b->choice) { + case ChArray: + *b->res.c = LBER_MALLOC( (n+1) * sizeof( char * )); + (*b->res.c)[n] = NULL; + break; + case BvArray: + *b->res.ba = LBER_MALLOC( (n+1) * sizeof( struct berval )); + (*b->res.ba)[n].bv_val = NULL; + break; + case BvVec: + *b->res.bv = LBER_MALLOC( (n+1) * sizeof( struct berval *)); + (*b->res.bv)[n] = NULL; + break; + } + return 0; + } + + if ( b->choice == BvVec ) + bvp = LBER_MALLOC( sizeof( struct berval )); + + if ( ber_get_stringbv( b->ber, &bv ) == LBER_DEFAULT ) { + if ( bvp ) LBER_FREE( bvp ); + return LBER_DEFAULT; + } + + b->tag = ber_get_stringbvr( b, n+1 ); + if ( b->tag == 0 ) + { + /* store my result */ + switch (b->choice) { + case ChArray: + (*b->res.c)[n] = bv.bv_val; + break; + case BvArray: + (*b->res.ba)[n] = bv; + break; + case BvVec: + (*b->res.bv)[n] = bvp; + *bvp = bv; + break; + } + } else { + if ( bvp ) LBER_FREE( bvp ); + LBER_FREE( bv.bv_val ); + } + return b->tag; +} + ber_tag_t -ber_get_stringa( BerElement *ber, char **buf ) +ber_get_stringbv( BerElement *ber, struct berval *bv ) { - ber_len_t datalen; ber_tag_t tag; assert( ber != NULL ); - assert( buf != NULL ); + assert( bv != NULL ); assert( LBER_VALID( ber ) ); - if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) { - *buf = NULL; + if ( (tag = ber_skip_tag( ber, &bv->bv_len )) == LBER_DEFAULT ) { + bv->bv_val = NULL; return LBER_DEFAULT; } - if ( (*buf = (char *) LBER_MALLOC( datalen + 1 )) == NULL ) { + if ( (bv->bv_val = (char *) LBER_MALLOC( bv->bv_len + 1 )) == NULL ) { return LBER_DEFAULT; } - if ( (ber_len_t) ber_read( ber, *buf, datalen ) != datalen ) { - LBER_FREE( *buf ); - *buf = NULL; + if ( bv->bv_len > 0 && (ber_len_t) ber_read( ber, bv->bv_val, + bv->bv_len ) != bv->bv_len ) { + LBER_FREE( bv->bv_val ); + bv->bv_val = NULL; return LBER_DEFAULT; } - (*buf)[datalen] = '\0'; + bv->bv_val[bv->bv_len] = '\0'; + + return tag; +} + +ber_tag_t +ber_get_stringa( BerElement *ber, char **buf ) +{ + BerValue bv; + ber_tag_t tag; + + assert( buf != NULL ); + + tag = ber_get_stringbv( ber, &bv ); + *buf = bv.bv_val; return tag; } @@ -306,46 +405,21 @@ ber_get_stringa( BerElement *ber, char * ber_tag_t ber_get_stringal( BerElement *ber, struct berval **bv ) { - ber_len_t len; ber_tag_t tag; assert( ber != NULL ); assert( bv != NULL ); - assert( LBER_VALID( ber ) ); - - if ( (tag = ber_skip_tag( ber, &len )) == LBER_DEFAULT ) { - *bv = NULL; - return LBER_DEFAULT; - } - *bv = (struct berval *) LBER_MALLOC( sizeof(struct berval) ); if ( *bv == NULL ) { return LBER_DEFAULT; } - if( len == 0 ) { - (*bv)->bv_val = NULL; - (*bv)->bv_len = 0; - return tag; - } - - (*bv)->bv_val = (char *) LBER_MALLOC( len + 1 ); - if ( (*bv)->bv_val == NULL ) { + tag = ber_get_stringbv( ber, *bv ); + if ( tag == LBER_DEFAULT ) { LBER_FREE( *bv ); *bv = NULL; - return LBER_DEFAULT; } - - if ( (ber_len_t) ber_read( ber, (*bv)->bv_val, len ) != len ) { - ber_bvfree( *bv ); - *bv = NULL; - return LBER_DEFAULT; - } - - ((*bv)->bv_val)[len] = '\0'; - (*bv)->bv_len = len; - return tag; } @@ -474,6 +548,9 @@ ber_next_element( return ber_peek_tag( ber, len ); } +/* Hopefully no one sends vectors with more elements than this */ +/* #define TMP_SLOTS 1024 */ + /* VARARGS */ ber_tag_t ber_scanf ( BerElement *ber, @@ -557,8 +634,7 @@ ber_scanf ( BerElement *ber, case 'o': /* octet string in a supplied berval */ bval = va_arg( ap, struct berval * ); - ber_peek_tag( ber, &bval->bv_len ); - rc = ber_get_stringa( ber, &bval->bv_val ); + rc = ber_get_stringbv( ber, bval ); break; case 'O': /* octet string - allocate & include length */ @@ -583,6 +659,9 @@ ber_scanf ( BerElement *ber, break; case 'v': /* sequence of strings */ + { +#ifdef TMP_SLOTS + char *tmp[TMP_SLOTS]; sss = va_arg( ap, char *** ); *sss = NULL; j = 0; @@ -590,25 +669,36 @@ ber_scanf ( BerElement *ber, tag != LBER_DEFAULT && rc != LBER_DEFAULT; tag = ber_next_element( ber, &len, last ) ) { - char **save = *sss; - - *sss = (char **) LBER_REALLOC( *sss, - (j + 2) * sizeof(char *) ); - - if( *sss == NULL ) { - save[j] = NULL; - ber_memvfree( (void **) save ); + rc = ber_get_stringa( ber, &tmp[j] ); + j++; + assert(j < TMP_SLOTS); + } + if (j > 0 && rc != LBER_DEFAULT ) { + *sss = (char **)LBER_MALLOC( (j+1) * sizeof(char *)); + if (*sss == NULL) { rc = LBER_DEFAULT; - goto breakout; + } else { + (*sss)[j] = NULL; + for (j--; j>=0; j--) + (*sss)[j] = tmp[j]; } - - rc = ber_get_stringa( ber, &((*sss)[j]) ); - j++; } - if ( j > 0 ) (*sss)[j] = NULL; + if ( rc == LBER_DEFAULT ) { + for (j--; j>=0; j--) + LBER_FREE(tmp[j]); + } +#else + bgbvr cookie = { ber, ChArray }; + cookie.res.c = va_arg( ap, char *** ); + rc = ber_get_stringbvr( &cookie, 0 ); +#endif break; + } case 'V': /* sequence of strings + lengths */ + { +#ifdef TMP_SLOTS + struct berval *tmp[TMP_SLOTS]; bv = va_arg( ap, struct berval *** ); *bv = NULL; j = 0; @@ -616,23 +706,69 @@ ber_scanf ( BerElement *ber, tag != LBER_DEFAULT && rc != LBER_DEFAULT; tag = ber_next_element( ber, &len, last ) ) { - struct berval **save = *bv; - - *bv = (struct berval **) LBER_REALLOC( *bv, - (j + 2) * sizeof(struct berval *) ); - - if( *bv == NULL ) { - save[j] = NULL; - ber_bvecfree( save ); + rc = ber_get_stringal( ber, &tmp[j] ); + j++; + assert( j < TMP_SLOTS); + } + if (j > 0 && rc != LBER_DEFAULT ) { + *bv = (struct berval **)LBER_MALLOC( (j+1) * sizeof(struct berval *)); + if (*bv == NULL) { rc = LBER_DEFAULT; - goto breakout; + } else { + (*bv)[j] = NULL; + for (j--; j>=0; j--) + (*bv)[j] = tmp[j]; } + } + if ( rc == LBER_DEFAULT ) { + for (j--; j>=0; j--) + ber_bvfree(tmp[j]); + } +#else + bgbvr cookie = { ber, BvVec }; + cookie.res.bv = va_arg( ap, struct berval *** ); + rc = ber_get_stringbvr( &cookie, 0 ); +#endif + break; + } - rc = ber_get_stringal( ber, &((*bv)[j]) ); + case 'W': /* bvarray */ + { +#ifdef TMP_SLOTS + struct berval tmp[TMP_SLOTS]; + bvp = va_arg( ap, struct berval ** ); + *bvp = NULL; + j = 0; + for ( tag = ber_first_element( ber, &len, &last ); + tag != LBER_DEFAULT && rc != LBER_DEFAULT; + tag = ber_next_element( ber, &len, last ) ) + { + rc = ber_get_stringbv( ber, &tmp[j] ); j++; + assert( j < TMP_SLOTS); + } + if (j > 0 && rc != LBER_DEFAULT ) { + *bvp = (struct berval *)LBER_MALLOC( (j+1) * sizeof(struct berval)); + if (*bvp == NULL) { + rc = LBER_DEFAULT; + } else { + (*bvp)[j].bv_val = NULL; + (*bvp)[j].bv_len = 0; + for (j--; j>=0; j--) + (*bvp)[j] = tmp[j]; + } + } + if ( rc == LBER_DEFAULT ) { + for (j--; j>=0; j--) + LBER_FREE(tmp[j].bv_val); } - if ( j > 0 ) (*bv)[j] = NULL; +#else + bgbvr cookie = { ber, BvArray }; + cookie.res.ba = va_arg( ap, struct berval ** ); + rc = ber_get_stringbvr( &cookie, 0 ); +#endif break; + } case 'x': /* skip the next element - whatever it is */ if ( (rc = ber_skip_tag( ber, &len )) == LBER_DEFAULT ) @@ -642,7 +778,8 @@ ber_scanf ( BerElement *ber, case '{': /* begin sequence */ case '[': /* begin set */ - if ( *(fmt + 1) != 'v' && *(fmt + 1) != 'V' ) + if ( *(fmt + 1) != 'v' && *(fmt + 1) != 'V' + && *(fmt + 1) != 'W' ) rc = ber_skip_tag( ber, &len ); break; @@ -665,9 +802,7 @@ ber_scanf ( BerElement *ber, } } -breakout: va_end( ap ); - if ( rc == LBER_DEFAULT ) { /* * Error. Reclaim malloced memory that was given to the caller. @@ -742,21 +877,8 @@ breakout: break; case 'v': /* sequence of strings */ - sss = va_arg( ap, char *** ); - if ( *sss ) { - ber_memvfree( (void **) *sss ); - *sss = NULL; - } - break; - case 'V': /* sequence of strings + lengths */ - bv = va_arg( ap, struct berval *** ); - if ( *bv ) { - ber_bvecfree( *bv ); - *bv = NULL; - } - break; - + case 'W': /* BVarray */ case 'n': /* null */ case 'x': /* skip the next element - whatever it is */ case '{': /* begin sequence */