From 51b611aa81d7ee01243b196abc34a0e2eabd293c Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 30 Oct 2020 12:46:05 +0000 Subject: [PATCH] LDAP: fix taint-check in server list walk. Bug 2646 --- doc/doc-txt/ChangeLog | 7 ++++++- src/src/lookups/ldap.c | 14 ++++++-------- test/confs/9001 | 2 +- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1ce732f52..959218100 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -121,10 +121,15 @@ PP/01 Fix default prime selection to be consistent. execution flows will use the same DH primes (currently exim.dev.20160529.3). -JH/25 OpenSSL: Fix back-compatibiility behaviour surrounding tls_certificates +JH/25 OpenSSL: Fix back-compatibility behaviour surrounding tls_certificates option in smtp transport, to match the documentation. Previously verification was not being done in some cases where it should have been. +JH/26 Bug 2646: fix a memory usage issue in ldap lookups. Previously, when more + than one server was defined and depending on the platform memory layout + details, an internal consistency trap could be hit while walking the list + of servers. + Exim version 4.94 ----------------- diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index e2dbe5162..1674c9f1f 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -1091,9 +1091,7 @@ const uschar *p; uschar *user = NULL; uschar *password = NULL; uschar *local_servers = NULL; -uschar *server; const uschar *list; -uschar buffer[512]; while (isspace(*url)) url++; @@ -1251,13 +1249,13 @@ if (!eldap_default_servers && !local_servers || p[3] != '/') &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference, referrals); -/* Loop through the default servers until OK or FAIL. Use local_servers list - * if defined in the lookup, otherwise use the global default list */ -list = !local_servers ? eldap_default_servers : local_servers; -while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) +/* Loop through the servers until OK or FAIL. Use local_servers list +if defined in the lookup, otherwise use the global default list */ + +list = local_servers ? local_servers : eldap_default_servers; +for (uschar * server; server = string_nextinlist(&list, &sep, NULL, 0); ) { - int rc; - int port = 0; + int rc, port = 0; uschar *colon = Ustrchr(server, ':'); if (colon) { diff --git a/test/confs/9001 b/test/confs/9001 index a1f4ba3eb..ba5a1687f 100644 --- a/test/confs/9001 +++ b/test/confs/9001 @@ -18,7 +18,7 @@ r0: r1: driver = redirect - data = ${lookup ldap user="cn=xxx,o=yyy,c=UK" pass="secret" \ + data = ${lookup ldap {USER="cn=xxx,o=yyy,c=UK" PASS="secret" \ ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}} -- 2.30.2