ITS#7497 fix lineno overflow in ldif_read_record()

Author: hyc

clients/tools/ldapmodify.c

@@ -73,7 +73,7 @@ static int	ldapadd;
 static char *rejfile = NULL;
 static LDAP	*ld = NULL;
 
-static int process_ldif_rec LDAP_P(( char *rbuf, int lineno ));
+static int process_ldif_rec LDAP_P(( char *rbuf, unsigned long lineno ));
 static int domodify LDAP_P((
 	const struct berval *dn,
 	LDAPMod **pmods,
@@ -220,8 +220,8 @@ main( int argc, char **argv )
 	char		*matched_msg, *error_msg;
 	int		rc, retval, ldifrc;
 	int		len;
-	int		i = 0;
-	int		lineno, nextline = 0, lmax = 0;
+	int		i = 0, lmax = 0;
+	unsigned long	lineno, nextline = 0;
 	LDAPControl	c[1];
 
 	prog = lutil_progname( "ldapmodify", argc, argv );
@@ -377,7 +377,7 @@ fail:;
 
 
 static int
-process_ldif_rec( char *rbuf, int linenum )
+process_ldif_rec( char *rbuf, unsigned long linenum )
 {
 	LDIFRecord lr;
 	int lrflags = ldapadd ? LDIF_DEFAULT_ADD : 0;

include/ldap.h

@@ -2663,7 +2663,7 @@ ldap_ldif_record_done LDAP_P((
 LDAP_F( int )
 ldap_parse_ldif_record LDAP_P((
 	struct berval *rbuf,
-	int linenum,
+	unsigned long linenum,
 	LDIFRecord *lr,
 	const char *errstr,
 	unsigned int flags ));

include/ldap_pvt.h

@@ -323,7 +323,7 @@ LDAP_F ( int ) ldap_pvt_discard LDAP_P((
 LDAP_F( int )
 ldap_parse_ldif_record_x LDAP_P((
 	struct berval *rbuf,
-	int linenum,
+	unsigned long linenum,
 	struct ldifrecord *lr,
 	const char *errstr,
 	unsigned int flags,

include/ldif.h

@@ -105,7 +105,7 @@ ldif_close LDAP_P(( LDIFFP * ));
 LDAP_LDIF_F( int )
 ldif_read_record LDAP_P((
 	LDIFFP *fp,
-	int *lineno,
+	unsigned long *lineno,
 	char **bufp,
 	int *buflen ));
 

libraries/libldap/ldif.c

@@ -814,7 +814,7 @@ ldif_close(
 int
 ldif_read_record(
 	LDIFFP      *lfp,
-	int         *lno,		/* ptr to line number counter              */
+	unsigned long *lno,		/* ptr to line number counter              */
 	char        **bufp,     /* ptr to malloced output buffer           */
 	int         *buflenp )  /* ptr to length of *bufp                  */
 {

libraries/libldap/ldifutil.c

@@ -100,7 +100,7 @@ ldap_ldif_record_done( LDIFRecord *lr )
 int
 ldap_parse_ldif_record_x(
 	struct berval *rbuf,
-	int linenum,
+	unsigned long linenum,
 	LDIFRecord *lr,
 	const char *errstr,
 	unsigned int flags,
@@ -155,7 +155,7 @@ ldap_parse_ldif_record_x(
 		}
 
 		if ( ( rc = ldif_parse_line2( line, lr->lr_btype+i, lr->lr_vals+i, &freev ) ) < 0 ) {
-			fprintf( stderr, _("%s: invalid format (line %d) entry: \"%s\"\n"),
+			fprintf( stderr, _("%s: invalid format (line %lu) entry: \"%s\"\n"),
 				errstr, linenum+i, dn == NULL ? "" : dn );
 			rc = LDAP_PARAM_ERROR;
 			goto leave;
@@ -175,7 +175,7 @@ ldap_parse_ldif_record_x(
 				if ( lr->lr_vals[i].bv_len != version1.bv_len || strncmp( lr->lr_vals[i].bv_val, version1.bv_val, version1.bv_len ) != 0 )
 				{
 					fprintf( stderr,
-						_("%s: invalid version %s, line %d (ignored)\n"),
+						_("%s: invalid version %s, line %lu (ignored)\n"),
 						errstr, lr->lr_vals[i].bv_val, linenum );
 				}
 				version++;
@@ -215,15 +215,15 @@ ldap_parse_ldif_record_x(
 			rc = parse_ldif_control( lr->lr_vals+i, &pctrls );
 			if (rc != 0) {
 				fprintf( stderr,
-						 _("%s: Error processing %s line, line %d: %s\n"),
+						 _("%s: Error processing %s line, line %lu: %s\n"),
 						 errstr, BV_CONTROL.bv_val, linenum+i, ldap_err2string(rc) );
 			}
 		}
 		i++;
 		if ( i>= lr->lr_lines ) {
 short_input:
 			fprintf( stderr,
-				_("%s: Expecting more input after %s line, line %d\n"),
+				_("%s: Expecting more input after %s line, line %lu\n"),
 				errstr, lr->lr_btype[i-1].bv_val, linenum+i );
 
 			rc = LDAP_PARAM_ERROR;
@@ -244,7 +244,7 @@ ldap_parse_ldif_record_x(
 
 		if ( ++icnt != lr->lr_vals[i].bv_len ) {
 			fprintf( stderr, _("%s: illegal trailing space after"
-				" \"%s: %s\" trimmed (line %d, entry \"%s\")\n"),
+				" \"%s: %s\" trimmed (line %lu, entry \"%s\")\n"),
 				errstr, BV_CHANGETYPE.bv_val, lr->lr_vals[i].bv_val, linenum+i, dn );
 			lr->lr_vals[i].bv_val[icnt] = '\0';
 		}
@@ -255,7 +255,7 @@ ldap_parse_ldif_record_x(
 		if ( flags & LDIF_ENTRIES_ONLY ) {
 			if ( !( BV_CASEMATCH( lr->lr_vals+i, &BV_ADDCT )) ) {
 				ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
-									_("%s: skipping LDIF record beginning at line %d: "
+									_("%s: skipping LDIF record beginning at line %lu: "
 									  "changetype '%.*s' found but entries only was requested\n"),
 									errstr, linenum,
 									(int)lr->lr_vals[i].bv_len,
@@ -279,7 +279,7 @@ ldap_parse_ldif_record_x(
 				goto short_input;
 			if ( !BV_CASEMATCH( lr->lr_btype+i, &BV_NEWRDN )) {
 				fprintf( stderr, _("%s: expecting \"%s:\" but saw"
-					" \"%s:\" (line %d, entry \"%s\")\n"),
+					" \"%s:\" (line %lu, entry \"%s\")\n"),
 					errstr, BV_NEWRDN.bv_val, lr->lr_btype[i].bv_val, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -290,7 +290,7 @@ ldap_parse_ldif_record_x(
 				goto short_input;
 			if ( !BV_CASEMATCH( lr->lr_btype+i, &BV_DELETEOLDRDN )) {
 				fprintf( stderr, _("%s: expecting \"%s:\" but saw"
-					" \"%s:\" (line %d, entry \"%s\")\n"),
+					" \"%s:\" (line %lu, entry \"%s\")\n"),
 					errstr, BV_DELETEOLDRDN.bv_val, lr->lr_btype[i].bv_val, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -300,7 +300,7 @@ ldap_parse_ldif_record_x(
 			if ( i < lr->lr_lines ) {
 				if ( !BV_CASEMATCH( lr->lr_btype+i, &BV_NEWSUP )) {
 					fprintf( stderr, _("%s: expecting \"%s:\" but saw"
-						" \"%s:\" (line %d, entry \"%s\")\n"),
+						" \"%s:\" (line %lu, entry \"%s\")\n"),
 						errstr, BV_NEWSUP.bv_val, lr->lr_btype[i].bv_val, linenum+i, dn );
 					rc = LDAP_PARAM_ERROR;
 					goto leave;
@@ -313,7 +313,7 @@ ldap_parse_ldif_record_x(
 			got_all = delete_entry = 1;
 		} else {
 			fprintf( stderr,
-				_("%s:  unknown %s \"%s\" (line %d, entry \"%s\")\n"),
+				_("%s:  unknown %s \"%s\" (line %lu, entry \"%s\")\n"),
 				errstr, BV_CHANGETYPE.bv_val, lr->lr_vals[i].bv_val, linenum+i, dn );
 			rc = LDAP_PARAM_ERROR;
 			goto leave;
@@ -327,7 +327,7 @@ ldap_parse_ldif_record_x(
 		   there must be no changetype, and the flag LDIF_DEFAULT_ADD must be set */
 		if ( flags & LDIF_ENTRIES_ONLY ) {
 			ber_pvt_log_printf( LDAP_DEBUG_ANY, ldif_debug,
-								_("%s: skipping LDIF record beginning at line %d: "
+								_("%s: skipping LDIF record beginning at line %lu: "
 								  "no changetype found but entries only was requested and "
 								  "the default setting for missing changetype is modify\n"),
 								errstr, linenum );
@@ -339,7 +339,7 @@ ldap_parse_ldif_record_x(
 	if ( got_all ) {
 		if ( i < lr->lr_lines ) {
 			fprintf( stderr,
-				_("%s: extra lines at end (line %d, entry \"%s\")\n"),
+				_("%s: extra lines at end (line %lu, entry \"%s\")\n"),
 				errstr, linenum+i, dn );
 			rc = LDAP_PARAM_ERROR;
 			goto leave;
@@ -358,7 +358,7 @@ ldap_parse_ldif_record_x(
 			for (j=i+1; j<lr->lr_lines; j++) {
 				if ( !lr->lr_btype[j].bv_val ) {
 					fprintf( stderr,
-						_("%s: missing attributeDescription (line %d, entry \"%s\")\n"),
+						_("%s: missing attributeDescription (line %lu, entry \"%s\")\n"),
 						errstr, linenum+j, dn );
 					rc = LDAP_PARAM_ERROR;
 					goto leave;
@@ -400,7 +400,7 @@ ldap_parse_ldif_record_x(
 			if ( BV_CASEMATCH( lr->lr_btype+i, &BV_DN )) {
 				fprintf( stderr, _("%s: attributeDescription \"%s\":"
 					" (possible missing newline"
-						" after line %d, entry \"%s\"?)\n"),
+						" after line %lu, entry \"%s\"?)\n"),
 					errstr, lr->lr_btype[i].bv_val, linenum+i - 1, dn );
 			}
 			if ( !BV_CASEMATCH( lr->lr_btype+i, &bv )) {
@@ -434,7 +434,7 @@ ldap_parse_ldif_record_x(
 
 			if ( ++icnt != lr->lr_vals[i].bv_len ) {
 				fprintf( stderr, _("%s: illegal trailing space after"
-					" \"%s: %s\" trimmed (line %d, entry \"%s\")\n"),
+					" \"%s: %s\" trimmed (line %lu, entry \"%s\")\n"),
 					errstr, type, lr->lr_vals[i].bv_val, linenum+i, dn );
 				lr->lr_vals[i].bv_val[icnt] = '\0';
 			}
@@ -465,7 +465,7 @@ ldap_parse_ldif_record_x(
 				nmods--;
 			} else {	/* no modify op: invalid LDIF */
 				fprintf( stderr, _("%s: modify operation type is missing at"
-					" line %d, entry \"%s\"\n"),
+					" line %lu, entry \"%s\"\n"),
 					errstr, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -479,7 +479,7 @@ ldap_parse_ldif_record_x(
 		} else {
 			if ( !BV_CASEMATCH( lr->lr_btype+i, &bv )) {
 				fprintf( stderr, _("%s: wrong attributeType at"
-					" line %d, entry \"%s\"\n"),
+					" line %lu, entry \"%s\"\n"),
 					errstr, linenum+i, dn );
 				rc = LDAP_PARAM_ERROR;
 				goto leave;
@@ -564,7 +564,7 @@ ldap_parse_ldif_record_x(
 int
 ldap_parse_ldif_record(
 	struct berval *rbuf,
-	int linenum,
+	unsigned long linenum,
 	LDIFRecord *lr,
 	const char *errstr,
 	unsigned int flags )

servers/slapd/back-sql/config.c

@@ -539,7 +539,8 @@ read_baseObject(
 {
 	backsql_info 	*bi = (backsql_info *)be->be_private;
 	LDIFFP		*fp;
-	int		rc = 0, lineno = 0, lmax = 0, ldifrc;
+	int		rc = 0, lmax = 0, ldifrc;
+	unsigned long	lineno = 0;
 	char		*buf = NULL;
 
 	assert( fname != NULL );
@@ -571,7 +572,7 @@ read_baseObject(
 
 		if( e == NULL ) {
 			fprintf( stderr, "back-sql baseObject: "
-					"could not parse entry (line=%d)\n",
+					"could not parse entry (line=%lu)\n",
 					lineno );
 			rc = LDAP_OTHER;
 			break;
@@ -581,7 +582,7 @@ read_baseObject(
 		if ( !be_issuffix( be, &e->e_nname ) ) {
 			fprintf( stderr,
 				"back-sql: invalid baseObject - "
-				"dn=\"%s\" (line=%d)\n",
+				"dn=\"%s\" (line=%lu)\n",
 				e->e_name.bv_val, lineno );
 			entry_free( e );
 			rc = LDAP_OTHER;

servers/slapd/root_dse.c

@@ -401,7 +401,8 @@ int
 root_dse_read_file( const char *fname )
 {
 	struct LDIFFP	*fp;
-	int rc = 0, lineno = 0, lmax = 0, ldifrc;
+	int rc = 0, lmax = 0, ldifrc;
+	unsigned long lineno = 0;
 	char	*buf = NULL;
 
 	if ( (fp = ldif_open( fname, "r" )) == NULL ) {
@@ -427,7 +428,7 @@ root_dse_read_file( const char *fname )
 
 		if( e == NULL ) {
 			Debug( LDAP_DEBUG_ANY, "root_dse_read_file: "
-				"could not parse entry (file=\"%s\" line=%d)\n",
+				"could not parse entry (file=\"%s\" line=%lu)\n",
 				fname, lineno, 0 );
 			rc = LDAP_OTHER;
 			break;
@@ -437,7 +438,7 @@ root_dse_read_file( const char *fname )
 		if( e->e_nname.bv_len ) {
 			Debug( LDAP_DEBUG_ANY,
 				"root_dse_read_file: invalid rootDSE "
-				"- dn=\"%s\" (file=\"%s\" line=%d)\n",
+				"- dn=\"%s\" (file=\"%s\" line=%lu)\n",
 				e->e_dn, fname, lineno );
 			entry_free( e );
 			rc = LDAP_OTHER;

servers/slapd/slapadd.c

@@ -44,14 +44,14 @@ static char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
 
 typedef struct Erec {
 	Entry *e;
-	int lineno;
-	int nextline;
+	unsigned long lineno;
+	unsigned long nextline;
 } Erec;
 
 typedef struct Trec {
 	Entry *e;
-	int lineno;
-	int nextline;
+	unsigned long lineno;
+	unsigned long nextline;
 	int rc;
 	int ready;
 } Trec;
@@ -108,7 +108,7 @@ getrec0(Erec *erec)
 					 0);
 
 		if( e == NULL ) {
-			fprintf( stderr, "%s: could not parse entry (line=%d)\n",
+			fprintf( stderr, "%s: could not parse entry (line=%lu)\n",
 				progname, erec->lineno );
 			return -2;
 		}
@@ -117,7 +117,7 @@ getrec0(Erec *erec)
 		if( BER_BVISEMPTY( &e->e_nname ) &&
 			!BER_BVISEMPTY( be->be_nsuffix ))
 		{
-			fprintf( stderr, "%s: line %d: "
+			fprintf( stderr, "%s: line %lu: "
 				"cannot add entry with empty dn=\"%s\"",
 				progname, erec->lineno, e->e_dn );
 			bd = select_backend( &e->e_nname, nosubordinates );
@@ -144,7 +144,7 @@ getrec0(Erec *erec)
 		/* check backend */
 		bd = select_backend( &e->e_nname, nosubordinates );
 		if ( bd != be ) {
-			fprintf( stderr, "%s: line %d: "
+			fprintf( stderr, "%s: line %lu: "
 				"database #%d (%s) not configured to hold \"%s\"",
 				progname, erec->lineno,
 				dbnum,
@@ -432,7 +432,7 @@ slapadd( int argc, char **argv )
 			id = be->be_entry_put( be, erec.e, &bvtext );
 			if( id == NOID ) {
 				fprintf( stderr, "%s: could not add entry dn=\"%s\" "
-								 "(line=%d): %s\n", progname, erec.e->e_dn,
+								 "(line=%lu): %s\n", progname, erec.e->e_dn,
 								 erec.lineno, bvtext.bv_val );
 				rc = EXIT_FAILURE;
 				if( continuemode ) {

servers/slapd/slapcommon.c

@@ -456,7 +456,7 @@ slap_tool_init(
 			} break;
 
 		case 'j':	/* jump to linenumber */
-			if ( lutil_atoi( &jumpline, optarg ) ) {
+			if ( lutil_atoul( &jumpline, optarg ) ) {
 				usage( tool, progname );
 			}
 			break;

servers/slapd/slapcommon.h

@@ -43,9 +43,9 @@ typedef struct tool_vars {
 	int tv_continuemode;
 	int tv_nosubordinates;
 	int tv_dryrun;
-	int tv_jumpline;
-	struct berval tv_sub_ndn;
 	int tv_scope;
+	unsigned long tv_jumpline;
+	struct berval tv_sub_ndn;
 	Filter *tv_filter;
 	struct LDIFFP	*tv_ldiffp;
 	struct berval tv_baseDN;