[Fedora-directory-commits] dsmlgw/dsml European.dsml, 1.2, 1.3 Example-roles.dsml, 1.2, 1.3 Example.dsml, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsmlgw/dsml
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24176/dsmlgw/dsml
Modified Files:
European.dsml Example-roles.dsml Example.dsml
Log Message:
relicense all files under the GPLv2 + gnu classpathx exception - remove etc/dirsrv/dsmlgw/dsmlgw.cfg - the ant tar task has to explicitly set the executable mode of scripts
Index: European.dsml
===================================================================
RCS file: /cvs/dirsec/dsmlgw/dsml/European.dsml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- European.dsml 18 Apr 2008 16:43:38 -0000 1.2
+++ European.dsml 30 Apr 2008 20:49:22 -0000 1.3
@@ -1,17 +1,23 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!-- BEGIN COPYRIGHT BLOCK
- This Program is free software; you can redistribute it and/or modify it under
- the terms of the GNU General Public License as published by the Free Software
- Foundation; version 2 of the License.
+ This Program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
- This Program is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ This Program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU General Public License along with
- this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- Place, Suite 330, Boston, MA 02111-1307 USA.
+ You should have received a copy of the GNU General Public License
+ along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ As a special exception, if you link this library with other files to
+ produce an executable, this library does not by itself cause the
+ resulting executable to be covered by the GNU General Public License.
+ This exception does not however invalidate any other reasons why the
+ executable file might be covered by the GNU General Public License.
Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
Copyright (C) 2005 Red Hat, Inc.
Index: Example-roles.dsml
===================================================================
RCS file: /cvs/dirsec/dsmlgw/dsml/Example-roles.dsml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Example-roles.dsml 18 Apr 2008 16:43:38 -0000 1.2
+++ Example-roles.dsml 30 Apr 2008 20:49:22 -0000 1.3
@@ -1,17 +1,23 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!-- BEGIN COPYRIGHT BLOCK
- This Program is free software; you can redistribute it and/or modify it under
- the terms of the GNU General Public License as published by the Free Software
- Foundation; version 2 of the License.
+ This Program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
- This Program is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ This Program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU General Public License along with
- this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- Place, Suite 330, Boston, MA 02111-1307 USA.
+ You should have received a copy of the GNU General Public License
+ along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ As a special exception, if you link this library with other files to
+ produce an executable, this library does not by itself cause the
+ resulting executable to be covered by the GNU General Public License.
+ This exception does not however invalidate any other reasons why the
+ executable file might be covered by the GNU General Public License.
Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
Copyright (C) 2005 Red Hat, Inc.
Index: Example.dsml
===================================================================
RCS file: /cvs/dirsec/dsmlgw/dsml/Example.dsml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Example.dsml 18 Apr 2008 16:43:38 -0000 1.2
+++ Example.dsml 30 Apr 2008 20:49:22 -0000 1.3
@@ -1,17 +1,23 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!-- BEGIN COPYRIGHT BLOCK
- This Program is free software; you can redistribute it and/or modify it under
- the terms of the GNU General Public License as published by the Free Software
- Foundation; version 2 of the License.
+ This Program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
- This Program is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ This Program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU General Public License along with
- this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- Place, Suite 330, Boston, MA 02111-1307 USA.
+ You should have received a copy of the GNU General Public License
+ along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ As a special exception, if you link this library with other files to
+ produce an executable, this library does not by itself cause the
+ resulting executable to be covered by the GNU General Public License.
+ This exception does not however invalidate any other reasons why the
+ executable file might be covered by the GNU General Public License.
Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
Copyright (C) 2005 Red Hat, Inc.
16 years
[Fedora-directory-commits] dsmlgw LICENSE, 1.1, 1.2 build.xml, 1.9, 1.10
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsmlgw
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24176/dsmlgw
Modified Files:
LICENSE build.xml
Log Message:
relicense all files under the GPLv2 + gnu classpathx exception - remove etc/dirsrv/dsmlgw/dsmlgw.cfg - the ant tar task has to explicitly set the executable mode of scripts
Index: LICENSE
===================================================================
RCS file: /cvs/dirsec/dsmlgw/LICENSE,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- LICENSE 18 Apr 2008 16:43:38 -0000 1.1
+++ LICENSE 30 Apr 2008 20:49:21 -0000 1.2
@@ -1,13 +1,18 @@
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
+This Program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
-This program is distributed in the hope that it will be useful,
+This Program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+As a special exception, if you link this library with other files to
+produce an executable, this library does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+This exception does not however invalidate any other reasons why the
+executable file might be covered by the GNU General Public License.
Index: build.xml
===================================================================
RCS file: /cvs/dirsec/dsmlgw/build.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- build.xml 25 Apr 2008 02:28:09 -0000 1.9
+++ build.xml 30 Apr 2008 20:49:21 -0000 1.10
@@ -1,16 +1,23 @@
<?xml version='1.0'?>
<!-- BEGIN COPYRIGHT BLOCK
- This Program is free software; you can redistribute it and/or modify it under
- the terms of the GNU General Public License as published by the Free Software
- Foundation; version 2 of the License.
-
- This Program is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
- Place, Suite 330, Boston, MA 02111-1307 USA.
+ This Program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This Program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+ As a special exception, if you link this library with other files to
+ produce an executable, this library does not by itself cause the
+ resulting executable to be covered by the GNU General Public License.
+ This exception does not however invalidate any other reasons why the
+ executable file might be covered by the GNU General Public License.
Copyright (C) 2005 Red Hat, Inc.
All rights reserved.
@@ -226,18 +233,22 @@
<copyfilter file="scripts/ldif2dsml.in"
tofile="${pkg.dir}${dsmlgwbindir}/ldif2dsml"/>
<chmod file="${pkg.dir}${dsmlgwbindir}/ldif2dsml" perm="0755"/>
- <copy file="misc/dsmlgw.cfg" todir="${pkg.dir}${dsmlgwconfigdir}"/>
- <chmod file="${pkg.dir}${dsmlgwconfigdir}/dsmlgw.cfg" perm="0644"/>
<copy todir="${pkg.dir}${dsmlgwdatadir}/data">
<fileset dir="dsml">
<include name="*.dsml"/>
</fileset>
</copy>
- <tar destfile="${dist.dir}/${ant.project.name}-${version}.tar"
- basedir="${pkg.dir}"/>
- <gzip zipfile="${dist.dir}/${ant.project.name}-${version}.tar.gz"
- src="${dist.dir}/${ant.project.name}-${version}.tar"/>
- <delete file="${dist.dir}/${ant.project.name}-${version}.tar"/>
+ <tar destfile="${dist.dir}/${ant.project.name}-${version}.tar.gz"
+ compression="gzip">
+ <tarfileset dir="${pkg.dir}" mode="0755">
+ <include name="**/bin/**"/>
+ <include name="**/sbin/**"/>
+ </tarfileset>
+ <tarfileset dir="${pkg.dir}">
+ <exclude name="**/bin/**"/>
+ <exclude name="**/sbin/**"/>
+ </tarfileset>
+ </tar>
</target>
<target name="prepare" description="prepares the output directories">
16 years
[Fedora-directory-commits] ldapserver/ldap/cm/newinst ns-update, 1.6, 1.6.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4673/ldap/cm/newinst
Modified Files:
Tag: Directory71RtmBranch
ns-update
Log Message:
Resolves: RHSA-2008:0199
Description: A shell command injection flaw in the Red Hat Administration
Server replication monitor CGI script could be exploited by an attacker to
execute arbitrary shell commands with root privileges.
Index: ns-update
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/Attic/ns-update,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- ns-update 19 Apr 2005 22:07:20 -0000 1.6
+++ ns-update 30 Apr 2008 18:28:30 -0000 1.6.2.1
@@ -169,6 +169,13 @@
start_server $sroot $dir
echo ""
done
+ # fixup any admin server files
+ if [ -f $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl.backup ] ; then
+ echo Already have repl-monitor-cgi.pl patch, skipping . . .
+ else
+ cp -f -p $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl.backup
+ cp -f -p $sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl
+ fi
fi
wrap_security_tools $sroot
16 years
[Fedora-directory-commits] ldapserver/ldap/cm fedora-patch.inf, 1.1.2.19, 1.1.2.20 redhat-patch.inf, 1.1.2.20, 1.1.2.21
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4673/ldap/cm
Modified Files:
Tag: Directory71RtmBranch
fedora-patch.inf redhat-patch.inf
Log Message:
Resolves: RHSA-2008:0199
Description: A shell command injection flaw in the Red Hat Administration
Server replication monitor CGI script could be exploited by an attacker to
execute arbitrary shell commands with root privileges.
Index: fedora-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/Attic/fedora-patch.inf,v
retrieving revision 1.1.2.19
retrieving revision 1.1.2.20
diff -u -r1.1.2.19 -r1.1.2.20
--- fedora-patch.inf 26 Jan 2008 01:53:35 -0000 1.1.2.19
+++ fedora-patch.inf 30 Apr 2008 18:28:30 -0000 1.1.2.20
@@ -46,8 +46,13 @@
# 32it:
# %DISTDIR32% points <buildroot>/dist/<platform>
#
+# Changes for 7.1 SP5
+# added files for bug 437301
+#
base: ...
+file: 437301: bin/slapd/admin/scripts/template-repl-monitor-cgi.pl
+file: 437301: bin/slapd/admin/bin/ns-update
file: 147585: plugins/slapd/slapi/examples/testpreop.c
file: 164834,165641,166229,173687,175063,202890,247725,297221,196523,208058,311851,240583: bin/slapd/server/ns-slapd
file: 155276,164834,164843,165641,166229,173687,175063,179135,179137,202890,247725,297221,240897,428764: bin/slapd/server/libslapd.*
Index: redhat-patch.inf
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/Attic/redhat-patch.inf,v
retrieving revision 1.1.2.20
retrieving revision 1.1.2.21
diff -u -r1.1.2.20 -r1.1.2.21
--- redhat-patch.inf 26 Jan 2008 01:53:35 -0000 1.1.2.20
+++ redhat-patch.inf 30 Apr 2008 18:28:30 -0000 1.1.2.21
@@ -46,8 +46,13 @@
# 32it:
# %DISTDIR32% points <buildroot>/dist/<platform>
#
+# Changes for 7.1 SP5
+# added files for bug 437301
+#
base: /share/builds/products/server/directry/7.1
+file: 437301: bin/slapd/admin/scripts/template-repl-monitor-cgi.pl
+file: 437301: bin/slapd/admin/bin/ns-update
file: 147585: plugins/slapd/slapi/examples/testpreop.c
file: 164834,165641,166229,173687,175063,202890,247725,297221,196523,208058,311851,240583: bin/slapd/server/ns-slapd
file: 155276,164834,164843,165641,166229,173687,175063,179135,179137,202890,247725,297221,240897,428764: bin/slapd/server/libslapd.*
16 years
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-repl-monitor-cgi.pl, 1.4, 1.4.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4673/ldap/admin/src/scripts
Modified Files:
Tag: Directory71RtmBranch
template-repl-monitor-cgi.pl
Log Message:
Resolves: RHSA-2008:0199
Description: A shell command injection flaw in the Red Hat Administration
Server replication monitor CGI script could be exploited by an attacker to
execute arbitrary shell commands with root privileges.
Index: template-repl-monitor-cgi.pl
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Attic/template-repl-monitor-cgi.pl,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- template-repl-monitor-cgi.pl 19 Apr 2005 22:07:00 -0000 1.4
+++ template-repl-monitor-cgi.pl 30 Apr 2008 18:28:25 -0000 1.4.2.1
@@ -40,33 +40,40 @@
use Cgi;
-$params = "";
-$params .= " -h $cgiVars{'servhost'}" if $cgiVars{'servhost'};
-$params .= " -p $cgiVars{'servport'}" if $cgiVars{'servport'};
-$params .= " -f $cgiVars{'configfile'}" if $cgiVars{'configfile'};
-$params .= " -t $cgiVars{'refreshinterval'}" if $cgiVars{'refreshinterval'};
-if ($cgiVars{'admurl'}) {
- $admurl = "$cgiVars{'admurl'}";
- if ( $ENV{'QUERY_STRING'} ) {
- $admurl .= "?$ENV{'QUERY_STRING'}";
- }
- elsif ( $ENV{'CONTENT_LENGTH'} ) {
- $admurl .= "?$Cgi::CONTENT";
- }
- $params .= " -u \"$admurl\"";
-}
-$siteroot = $cgiVars{'siteroot'};
+@ARGV = (); # clear it out
+my $configfile = $ENV{ADMSERV_ROOT} . "/replmon.conf";
+push @ARGV, '-f', $configfile;
+
+my $refreshinterval = $cgiVars{'refreshinterval'} ? int($cgiVars{'refreshinterval'}) : "300";
+push @ARGV, '-t', $refreshinterval;
+
+my $siteroot = $ENV{NETSITE_ROOT};
$perl = "$siteroot/bin/slapd/admin/bin/perl";
$ENV{'LD_LIBRARY_PATH'} = "$siteroot/lib:$siteroot/lib/nsPerl5.005_03/lib";
-# Save user-specified parameters as cookies in monreplication.properties.
-# Sync up with the property file so that monreplication2 is interval, and
-# monreplication3 the config file pathname.
-$propertyfile = "$siteroot/bin/admin/admin/bin/property/monreplication.properties";
-$edit1 = "s#monreplication2=.*#monreplication2=$cgiVars{'refreshinterval'}#;";
-$edit2 = "s#^monreplication3=.*#monreplication3=$cgiVars{'configfile'}#;";
-system("$perl -p -i.bak -e \"$edit1\" -e \"$edit2\" $propertyfile");
+my $admurl = "http://";
+if ($ENV{HTTPS} and (lc($ENV{HTTPS}) eq "on")) {
+ $admurl = "https://";
+}
+$admurl .= $ENV{HTTP_HOST} . $ENV{SCRIPT_NAME} . "?refreshinterval=$refreshinterval";
+push @ARGV, '-u', $admurl;
+
+if ($configfile and -f $configfile) {
+ # have to grab the first host from it
+ if (open(CONFFILE, $configfile)) {
+ while (<CONFFILE>) {
+ next if (/^\#/); # skip comments
+ next if (/^\s*$/); # skip blank lines
+ next if (/^\[/); # skip sections
+ my ($host, $port, $rest) = split(/:/);
+ push @ARGV, '-h', $host;
+ push @ARGV, '-p', $port;
+ last;
+ }
+ close CONFFILE;
+ }
+}
# Now the real work
$replmon = "$siteroot/bin/slapd/admin/scripts/template-repl-monitor.pl";
-system("$perl $replmon $params");
+exec $perl, $replmon, @ARGV;
16 years
[Fedora-directory-commits] ldapserver ldapserver.spec.tmpl, 1.10.2.12, 1.10.2.13
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4673
Modified Files:
Tag: Directory71RtmBranch
ldapserver.spec.tmpl
Log Message:
Resolves: RHSA-2008:0199
Description: A shell command injection flaw in the Red Hat Administration
Server replication monitor CGI script could be exploited by an attacker to
execute arbitrary shell commands with root privileges.
Index: ldapserver.spec.tmpl
===================================================================
RCS file: /cvs/dirsec/ldapserver/Attic/ldapserver.spec.tmpl,v
retrieving revision 1.10.2.12
retrieving revision 1.10.2.13
diff -u -r1.10.2.12 -r1.10.2.13
--- ldapserver.spec.tmpl 29 Feb 2008 22:27:06 -0000 1.10.2.12
+++ ldapserver.spec.tmpl 30 Apr 2008 18:28:23 -0000 1.10.2.13
@@ -45,7 +45,7 @@
Summary: @COMPANY-PRODUCT-NAME@
Name: @LCASE-COMPANY-NAME-NOSP@-ds
Version: @GEN-VERSION@
-Release: 7.@PLATFORM@
+Release: 8.@PLATFORM@
License: GPL plus extensions
Group: System Environment/Daemons
URL: @COMPANY-URL@
@@ -136,6 +136,9 @@
fi
%changelog
+* Fri Mar 14 2008 Rich Megginson <rmeggins(a)redhat.com> 7.1-4-8
+- initial commit for sp5
+
* Fri Feb 29 2008 Noriko Hosoi <nhosoi(a)redhat.com> 7.1-4-7
- fixed the mode of java/jars
16 years
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes string.c, 1.9, 1.10
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20689/plugins/syntaxes
Modified Files:
string.c
Log Message:
Resolves: #182621 (#443955)
Summary: Allow larger regex buffer to enable long substring filters
Description: Applying the patches provided by ulf.weltman(a)hp.com.
regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store the offsets to be restored after the realloc, and use a constant for the value of "how much the NFA buffer can grow in one iteration on the pattern".
string.c: use dynamically allocated buffer if the prepared buffer is not large enough, used wrong pointer (pat instead of p) in a debug message, and performed an unneeded strcat of ".*"
Index: string.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/string.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- string.c 28 Sep 2007 23:46:40 -0000 1.9
+++ string.c 29 Apr 2008 00:38:36 -0000 1.10
@@ -189,8 +189,8 @@
string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
Slapi_Value **bvals, int syntax )
{
- int i, j, rc;
- char *p, *end, *realval, *tmpbuf;
+ int i, j, rc, size=0;
+ char *p, *end, *realval, *tmpbuf, *bigpat = NULL;
size_t tmpbufsize;
char pat[BUFSIZ];
char buf[BUFSIZ];
@@ -198,7 +198,6 @@
LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n",
0, 0, 0 );
-
/*
* construct a regular expression corresponding to the
* filter and let regex do the work for each value
@@ -207,16 +206,33 @@
pat[0] = '\0';
p = pat;
end = pat + sizeof(pat) - 2; /* leave room for null */
+
if ( initial != NULL ) {
- value_normalize( initial, syntax, 1 /* trim leading blanks */ );
- strcpy( p, "^" );
- p = strchr( p, '\0' );
- /* 2 * in case every char is special */
- if ( p + 2 * strlen( initial ) > end ) {
- LDAPDebug( LDAP_DEBUG_ANY, "not enough pattern space\n",
- 0, 0, 0 );
- return( -1 );
+ size = strlen( initial ) + 1; /* add 1 for "^" */
+ }
+
+ if ( any != NULL ) {
+ i = 0;
+ while ( any[i] ) {
+ size += strlen(any[i++]) + 2; /* add 2 for ".*" */
}
+ }
+
+ if ( final != NULL ) {
+ size += strlen( final ) + 3; /* add 3 for ".*" and "$" */
+ }
+
+ size *= 2; /* doubled in case all filter chars need escaping */
+ size++; /* add 1 for null */
+
+ if ( p + size > end ) {
+ bigpat = slapi_ch_malloc( size );
+ p = bigpat;
+ }
+
+ if ( initial != NULL ) {
+ value_normalize( initial, syntax, 1 /* trim leading blanks */ );
+ *p++ = '^';
filter_strcpy_special( p, initial );
p = strchr( p, '\0' );
}
@@ -224,13 +240,8 @@
for ( i = 0; any[i] != NULL; i++ ) {
value_normalize( any[i], syntax, 0 /* DO NOT trim leading blanks */ );
/* ".*" + value */
- if ( p + 2 * strlen( any[i] ) + 2 > end ) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "not enough pattern space\n", 0, 0, 0 );
- return( -1 );
- }
- strcpy( p, ".*" );
- p = strchr( p, '\0' );
+ *p++ = '.';
+ *p++ = '*';
filter_strcpy_special( p, any[i] );
p = strchr( p, '\0' );
}
@@ -238,28 +249,26 @@
if ( final != NULL ) {
value_normalize( final, syntax, 0 /* DO NOT trim leading blanks */ );
/* ".*" + value */
- if ( p + 2 * strlen( final ) + 2 > end ) {
- LDAPDebug( LDAP_DEBUG_ANY, "not enough pattern space\n",
- 0, 0, 0 );
- return( -1 );
- }
- strcpy( p, ".*" );
- p = strchr( p, '\0' );
+ *p++ = '.';
+ *p++ = '*';
filter_strcpy_special( p, final );
- p = strchr( p, '\0' );
- strcpy( p, "$" );
+ strcat( p, "$" );
}
/* compile the regex */
+ p = (bigpat) ? bigpat : pat;
slapd_re_lock();
- if ( (p = slapd_re_comp( pat )) != 0 ) {
+ if ( (tmpbuf = slapd_re_comp( p )) != 0 ) {
LDAPDebug( LDAP_DEBUG_ANY, "re_comp (%s) failed (%s)\n",
pat, p, 0 );
slapd_re_unlock();
- return( -1 );
+ if( bigpat != NULL ) {
+ slapi_ch_free((void**)&bigpat );
+ }
+ return( LDAP_OPERATIONS_ERROR );
} else {
- LDAPDebug( LDAP_DEBUG_TRACE, "re_comp (%s)\n",
- escape_string( pat, ebuf ), 0, 0 );
+ LDAPDebug( LDAP_DEBUG_TRACE, "re_comp (%s)\n",
+ escape_string( p, ebuf ), 0, 0 );
}
/*
@@ -300,6 +309,9 @@
if ( tmpbuf != NULL ) {
slapi_ch_free((void**)&tmpbuf );
}
+ if( bigpat != NULL ) {
+ slapi_ch_free((void**)&bigpat );
+ }
LDAPDebug( LDAP_DEBUG_FILTER, "<= string_filter_sub %d\n",
rc, 0, 0 );
16 years
[Fedora-directory-commits] ldapserver/ldap/servers/slapd regex.c, 1.5, 1.6
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20689/slapd
Modified Files:
regex.c
Log Message:
Resolves: #182621 (#443955)
Summary: Allow larger regex buffer to enable long substring filters
Description: Applying the patches provided by ulf.weltman(a)hp.com.
regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store the offsets to be restored after the realloc, and use a constant for the value of "how much the NFA buffer can grow in one iteration on the pattern".
string.c: use dynamically allocated buffer if the prepared buffer is not large enough, used wrong pointer (pat instead of p) in a debug message, and performed an unneeded strcat of ".*"
Index: regex.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/regex.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- regex.c 10 Nov 2006 23:45:40 -0000 1.5
+++ regex.c 29 Apr 2008 00:38:36 -0000 1.6
@@ -43,31 +43,6 @@
#include "slap.h" /* must come before regex.h */
#include "portable.h"
-static PRLock *regex_mutex = NULL;
-
-int
-slapd_re_init( void )
-{
- if ( NULL == regex_mutex ) {
- regex_mutex = PR_NewLock();
- }
- return( NULL == regex_mutex ? -1 : 0 );
-}
-
-void
-slapd_re_lock( void )
-{
- PR_ASSERT( NULL != regex_mutex );
- PR_Lock( regex_mutex );
-}
-
-int
-slapd_re_unlock( void )
-{
- PR_ASSERT( NULL != regex_mutex );
- return( PR_Unlock( regex_mutex ) );
-}
-
#if defined( MACOS ) || defined( DOS ) || defined( _WIN32 ) || defined( NEED_BSDREGEX )
#include "regex.h"
@@ -91,6 +66,13 @@
* Modification history:
*
* $Log$
+ * Revision 1.6 2008/04/29 00:38:36 nhosoi
+ * Resolves: #182621 (#443955)
+ * Summary: Allow larger regex buffer to enable long substring filters
+ * Description: Applying the patches provided by ulf.weltman(a)hp.com.
+ * regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store the offsets to be restored after the realloc, and use a constant for the value of "how much the NFA buffer can grow in one iteration on the pattern".
+ * string.c: use dynamically allocated buffer if the prepared buffer is not large enough, used wrong pointer (pat instead of p) in a debug message, and performed an unneeded strcat of ".*"
+ *
* Revision 1.5 2006/11/10 23:45:40 nhosoi
* Resolves: #214533
* Summary: configure needs to support --with-fhs (Comment #6)
@@ -416,6 +398,12 @@
* matches: foo-foo fo-fo fob-fob foobar-foobar ...
*/
+/* This is the maximum the NFA buffer might grow for every op code processed.
+ The max seems to be the + after a character class, like "[a-z]+". It
+ needs 1 byte for the CCL code, 16 for the CCL bit map, and 2 for END codes
+ and 1 for a CLO code. */
+#define MAXOPSPACE 20
+
#define MAXNFA 1024
#define MAXTAG 10
@@ -454,11 +442,12 @@
*/
static int tagstk[MAXTAG]; /* subpat tag stack..*/
-static UCHAR nfa[MAXNFA]; /* automaton.. */
-static int sta = NOP; /* status of lastpat */
+static UCHAR *nfa = NULL; /* automaton.. */
+static int nfasize = MAXNFA; /* tracks size of nfa buffer */
+static int sta = NOP; /* status of lastpat */
-static UCHAR bittab[BITBLK]; /* bit table for CCL */
- /* pre-set bits... */
+static UCHAR bittab[BITBLK]; /* bit table for CCL */
+ /* pre-set bits... */
static UCHAR bitarr[] = {1,2,4,8,16,32,64,128};
#ifdef DEBUG
@@ -498,6 +487,21 @@
sta = NOP;
for (p = (UCHAR*)pat; *p; p++) {
+ /* Check if we are approaching end of nfa buffer. MAXOPSPACE is
+ the max we might add to the nfa per loop. */
+ if (mp - (UCHAR*)nfa + MAXOPSPACE >= nfasize) {
+ /* Save offsets */
+ ptrdiff_t mppos = mp - nfa;
+ ptrdiff_t sppos = sp - nfa;
+
+ /* Double the nfa buffer size */
+ nfasize *= 2;
+ nfa = (UCHAR*)slapi_ch_realloc((char*)nfa, nfasize);
+
+ /* Restore pointers into realloced space */
+ mp = nfa + mppos;
+ sp = nfa + sppos;
+ }
lp = mp;
switch(*p) {
@@ -1099,3 +1103,33 @@
}
#endif
#endif /* MACOS or DOS or NEED_BSDREGEX */
+
+static PRLock *regex_mutex = NULL;
+
+int
+slapd_re_init( void )
+{
+ if ( NULL == regex_mutex ) {
+ regex_mutex = PR_NewLock();
+ }
+
+ if ( NULL == nfa ) {
+ nfa = (UCHAR*)slapi_ch_malloc( MAXNFA );
+ }
+
+ return( NULL == regex_mutex ? -1 : 0 );
+}
+
+void
+slapd_re_lock( void )
+{
+ PR_ASSERT( NULL != regex_mutex );
+ PR_Lock( regex_mutex );
+}
+
+int
+slapd_re_unlock( void )
+{
+ PR_ASSERT( NULL != regex_mutex );
+ return( PR_Unlock( regex_mutex ) );
+}
16 years
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes string.c, 1.9, 1.9.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20452/plugins/syntaxes
Modified Files:
Tag: Directory_Server_8_0_Branch
string.c
Log Message:
Resolves: #182621 (#443955)
Summary: Allow larger regex buffer to enable long substring filters
Description: Applying the patches provided by ulf.weltman(a)hp.com.
regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store
the offsets to be restored after the realloc, and use a constant for the
value of "how much the NFA buffer can grow in one iteration on the pattern".
string.c: use dynamically allocated buffer if the prepared buffer is not
large enough, used wrong pointer (pat instead of p) in a debug message,
and performed an unneeded strcat of ".*"
Index: string.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/string.c,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- string.c 28 Sep 2007 23:46:40 -0000 1.9
+++ string.c 29 Apr 2008 00:38:00 -0000 1.9.2.1
@@ -189,8 +189,8 @@
string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
Slapi_Value **bvals, int syntax )
{
- int i, j, rc;
- char *p, *end, *realval, *tmpbuf;
+ int i, j, rc, size=0;
+ char *p, *end, *realval, *tmpbuf, *bigpat = NULL;
size_t tmpbufsize;
char pat[BUFSIZ];
char buf[BUFSIZ];
@@ -198,7 +198,6 @@
LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n",
0, 0, 0 );
-
/*
* construct a regular expression corresponding to the
* filter and let regex do the work for each value
@@ -207,16 +206,33 @@
pat[0] = '\0';
p = pat;
end = pat + sizeof(pat) - 2; /* leave room for null */
+
if ( initial != NULL ) {
- value_normalize( initial, syntax, 1 /* trim leading blanks */ );
- strcpy( p, "^" );
- p = strchr( p, '\0' );
- /* 2 * in case every char is special */
- if ( p + 2 * strlen( initial ) > end ) {
- LDAPDebug( LDAP_DEBUG_ANY, "not enough pattern space\n",
- 0, 0, 0 );
- return( -1 );
+ size = strlen( initial ) + 1; /* add 1 for "^" */
+ }
+
+ if ( any != NULL ) {
+ i = 0;
+ while ( any[i] ) {
+ size += strlen(any[i++]) + 2; /* add 2 for ".*" */
}
+ }
+
+ if ( final != NULL ) {
+ size += strlen( final ) + 3; /* add 3 for ".*" and "$" */
+ }
+
+ size *= 2; /* doubled in case all filter chars need escaping */
+ size++; /* add 1 for null */
+
+ if ( p + size > end ) {
+ bigpat = slapi_ch_malloc( size );
+ p = bigpat;
+ }
+
+ if ( initial != NULL ) {
+ value_normalize( initial, syntax, 1 /* trim leading blanks */ );
+ *p++ = '^';
filter_strcpy_special( p, initial );
p = strchr( p, '\0' );
}
@@ -224,13 +240,8 @@
for ( i = 0; any[i] != NULL; i++ ) {
value_normalize( any[i], syntax, 0 /* DO NOT trim leading blanks */ );
/* ".*" + value */
- if ( p + 2 * strlen( any[i] ) + 2 > end ) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "not enough pattern space\n", 0, 0, 0 );
- return( -1 );
- }
- strcpy( p, ".*" );
- p = strchr( p, '\0' );
+ *p++ = '.';
+ *p++ = '*';
filter_strcpy_special( p, any[i] );
p = strchr( p, '\0' );
}
@@ -238,28 +249,26 @@
if ( final != NULL ) {
value_normalize( final, syntax, 0 /* DO NOT trim leading blanks */ );
/* ".*" + value */
- if ( p + 2 * strlen( final ) + 2 > end ) {
- LDAPDebug( LDAP_DEBUG_ANY, "not enough pattern space\n",
- 0, 0, 0 );
- return( -1 );
- }
- strcpy( p, ".*" );
- p = strchr( p, '\0' );
+ *p++ = '.';
+ *p++ = '*';
filter_strcpy_special( p, final );
- p = strchr( p, '\0' );
- strcpy( p, "$" );
+ strcat( p, "$" );
}
/* compile the regex */
+ p = (bigpat) ? bigpat : pat;
slapd_re_lock();
- if ( (p = slapd_re_comp( pat )) != 0 ) {
+ if ( (tmpbuf = slapd_re_comp( p )) != 0 ) {
LDAPDebug( LDAP_DEBUG_ANY, "re_comp (%s) failed (%s)\n",
pat, p, 0 );
slapd_re_unlock();
- return( -1 );
+ if( bigpat != NULL ) {
+ slapi_ch_free((void**)&bigpat );
+ }
+ return( LDAP_OPERATIONS_ERROR );
} else {
- LDAPDebug( LDAP_DEBUG_TRACE, "re_comp (%s)\n",
- escape_string( pat, ebuf ), 0, 0 );
+ LDAPDebug( LDAP_DEBUG_TRACE, "re_comp (%s)\n",
+ escape_string( p, ebuf ), 0, 0 );
}
/*
@@ -300,6 +309,9 @@
if ( tmpbuf != NULL ) {
slapi_ch_free((void**)&tmpbuf );
}
+ if( bigpat != NULL ) {
+ slapi_ch_free((void**)&bigpat );
+ }
LDAPDebug( LDAP_DEBUG_FILTER, "<= string_filter_sub %d\n",
rc, 0, 0 );
16 years
[Fedora-directory-commits] ldapserver/ldap/servers/slapd regex.c, 1.5, 1.5.2.1
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20452/slapd
Modified Files:
Tag: Directory_Server_8_0_Branch
regex.c
Log Message:
Resolves: #182621 (#443955)
Summary: Allow larger regex buffer to enable long substring filters
Description: Applying the patches provided by ulf.weltman(a)hp.com.
regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store
the offsets to be restored after the realloc, and use a constant for the
value of "how much the NFA buffer can grow in one iteration on the pattern".
string.c: use dynamically allocated buffer if the prepared buffer is not
large enough, used wrong pointer (pat instead of p) in a debug message,
and performed an unneeded strcat of ".*"
Index: regex.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/regex.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- regex.c 10 Nov 2006 23:45:40 -0000 1.5
+++ regex.c 29 Apr 2008 00:38:00 -0000 1.5.2.1
@@ -43,31 +43,6 @@
#include "slap.h" /* must come before regex.h */
#include "portable.h"
-static PRLock *regex_mutex = NULL;
-
-int
-slapd_re_init( void )
-{
- if ( NULL == regex_mutex ) {
- regex_mutex = PR_NewLock();
- }
- return( NULL == regex_mutex ? -1 : 0 );
-}
-
-void
-slapd_re_lock( void )
-{
- PR_ASSERT( NULL != regex_mutex );
- PR_Lock( regex_mutex );
-}
-
-int
-slapd_re_unlock( void )
-{
- PR_ASSERT( NULL != regex_mutex );
- return( PR_Unlock( regex_mutex ) );
-}
-
#if defined( MACOS ) || defined( DOS ) || defined( _WIN32 ) || defined( NEED_BSDREGEX )
#include "regex.h"
@@ -91,6 +66,17 @@
* Modification history:
*
* $Log$
+ * Revision 1.5.2.1 2008/04/29 00:38:00 nhosoi
+ * Resolves: #182621 (#443955)
+ * Summary: Allow larger regex buffer to enable long substring filters
+ * Description: Applying the patches provided by ulf.weltman(a)hp.com.
+ * regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store
+ * the offsets to be restored after the realloc, and use a constant for the
+ * value of "how much the NFA buffer can grow in one iteration on the pattern".
+ * string.c: use dynamically allocated buffer if the prepared buffer is not
+ * large enough, used wrong pointer (pat instead of p) in a debug message,
+ * and performed an unneeded strcat of ".*"
+ *
* Revision 1.5 2006/11/10 23:45:40 nhosoi
* Resolves: #214533
* Summary: configure needs to support --with-fhs (Comment #6)
@@ -416,6 +402,12 @@
* matches: foo-foo fo-fo fob-fob foobar-foobar ...
*/
+/* This is the maximum the NFA buffer might grow for every op code processed.
+ The max seems to be the + after a character class, like "[a-z]+". It
+ needs 1 byte for the CCL code, 16 for the CCL bit map, and 2 for END codes
+ and 1 for a CLO code. */
+#define MAXOPSPACE 20
+
#define MAXNFA 1024
#define MAXTAG 10
@@ -454,11 +446,12 @@
*/
static int tagstk[MAXTAG]; /* subpat tag stack..*/
-static UCHAR nfa[MAXNFA]; /* automaton.. */
-static int sta = NOP; /* status of lastpat */
+static UCHAR *nfa = NULL; /* automaton.. */
+static int nfasize = MAXNFA; /* tracks size of nfa buffer */
+static int sta = NOP; /* status of lastpat */
-static UCHAR bittab[BITBLK]; /* bit table for CCL */
- /* pre-set bits... */
+static UCHAR bittab[BITBLK]; /* bit table for CCL */
+ /* pre-set bits... */
static UCHAR bitarr[] = {1,2,4,8,16,32,64,128};
#ifdef DEBUG
@@ -498,6 +491,21 @@
sta = NOP;
for (p = (UCHAR*)pat; *p; p++) {
+ /* Check if we are approaching end of nfa buffer. MAXOPSPACE is
+ the max we might add to the nfa per loop. */
+ if (mp - (UCHAR*)nfa + MAXOPSPACE >= nfasize) {
+ /* Save offsets */
+ ptrdiff_t mppos = mp - nfa;
+ ptrdiff_t sppos = sp - nfa;
+
+ /* Double the nfa buffer size */
+ nfasize *= 2;
+ nfa = (UCHAR*)slapi_ch_realloc((char*)nfa, nfasize);
+
+ /* Restore pointers into realloced space */
+ mp = nfa + mppos;
+ sp = nfa + sppos;
+ }
lp = mp;
switch(*p) {
@@ -1099,3 +1107,33 @@
}
#endif
#endif /* MACOS or DOS or NEED_BSDREGEX */
+
+static PRLock *regex_mutex = NULL;
+
+int
+slapd_re_init( void )
+{
+ if ( NULL == regex_mutex ) {
+ regex_mutex = PR_NewLock();
+ }
+
+ if ( NULL == nfa ) {
+ nfa = (UCHAR*)slapi_ch_malloc( MAXNFA );
+ }
+
+ return( NULL == regex_mutex ? -1 : 0 );
+}
+
+void
+slapd_re_lock( void )
+{
+ PR_ASSERT( NULL != regex_mutex );
+ PR_Lock( regex_mutex );
+}
+
+int
+slapd_re_unlock( void )
+{
+ PR_ASSERT( NULL != regex_mutex );
+ return( PR_Unlock( regex_mutex ) );
+}
16 years