LDAP: fix taint-check in server list walk. Bug 2646

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1ce732f52d40854018c6b37a93db7e4932b54e9e..9592181006de1bc1b0219ac68631ed6aff9a1b86 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -121,10 +121,15 @@ PP/01 Fix default prime selection to be consistent.
       execution flows will use the same DH primes (currently
       exim.dev.20160529.3).
 
       execution flows will use the same DH primes (currently
       exim.dev.20160529.3).
 

-JH/25 OpenSSL: Fix back-compatibiility behaviour surrounding tls_certificates
+JH/25 OpenSSL: Fix back-compatibility behaviour surrounding tls_certificates

       option in smtp transport, to match the documentation.  Previously
       verification was not being done in some cases where it should have been.
 
       option in smtp transport, to match the documentation.  Previously
       verification was not being done in some cases where it should have been.
 

+JH/26 Bug 2646: fix a memory usage issue in ldap lookups.  Previously, when more
+      than one server was defined and depending on the platform memory layout
+      details, an internal consistency trap could be hit while walking the list
+      of servers.
+

 
 Exim version 4.94
 -----------------
 
 Exim version 4.94
 -----------------

diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index e2dbe51624b23e3ef3c04a87c6bcc84faef91e06..1674c9f1f9c716dfb19ab87f821997becf9ea908 100644 (file)
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1091,9 +1091,7 @@ const uschar *p;
 uschar *user = NULL;
 uschar *password = NULL;
 uschar *local_servers = NULL;
 uschar *user = NULL;
 uschar *password = NULL;
 uschar *local_servers = NULL;

-uschar *server;

 const uschar *list;
 const uschar *list;

-uschar buffer[512];

 
 while (isspace(*url)) url++;
 
 
 while (isspace(*url)) url++;
 


@@ -1251,13 +1249,13 @@ if (!eldap_default_servers && !local_servers  || p[3] != '/')
     &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
     referrals);
 
     &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
     referrals);
 

-/* Loop through the default servers until OK or FAIL. Use local_servers list
- * if defined in the lookup, otherwise use the global default list */
-list = !local_servers ? eldap_default_servers : local_servers;
-while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
+/* Loop through the servers until OK or FAIL. Use local_servers list
+if defined in the lookup, otherwise use the global default list */
+
+list = local_servers ? local_servers : eldap_default_servers;
+for (uschar * server; server = string_nextinlist(&list, &sep, NULL, 0); )

   {
   {

-  int rc;
-  int port = 0;
+  int rc, port = 0;

   uschar *colon = Ustrchr(server, ':');
   if (colon)
     {
   uschar *colon = Ustrchr(server, ':');
   if (colon)
     {

diff --git a/test/confs/9001 b/test/confs/9001
index a1f4ba3ebd9c9bbc093cbe07b3f9459260c8521d..ba5a1687f6366f10a56d5b7df04d048c7f24af39 100644 (file)
--- a/test/confs/9001
+++ b/test/confs/9001
@@ -18,7 +18,7 @@ r0:
 
 r1:
   driver = redirect
 
 r1:
   driver = redirect

-  data = ${lookup ldap user="cn=xxx,o=yyy,c=UK" pass="secret" \
+  data = ${lookup ldap {USER="cn=xxx,o=yyy,c=UK" PASS="secret" \

          ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}}
 
 
          ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}}