~ubuntu-branches/ubuntu/hardy/openldap2.3/hardy-updates


Viewing changes to servers/slapd/back-sql/util.c

  • Committer: Bazaar Package Importer
  • Author(s): Kees Cook
  • Date: 2008-07-31 16:06:53 UTC
  • mfrom: (16.1.3 hardy-proposed)
  • Revision ID: james.westby@ubuntu.com-20080731160653-np1dr19qfutmqb0v
Tags: 2.4.9-0ubuntu0.8.04.1
* SECURITY UPDATE: denial of service via broken BER decoding.
* Added debian/patches/security-ber-decoding.patch: upstream fixes.
* References
  CVE-2008-2952

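--- a/servers/slapd/back-sql/util.c
+++ b/servers/slapd/back-sql/util.c
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.45.2.2 2007/08/31 23:14:05 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.45.2.4 2008/02/11 23:26:48 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Copyright 1999-2008 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.
@@ -37,32 +37,32 @@
 
 #define BACKSQL_STR_GROW 256
 
-char backsql_def_oc_query[] = 
+const char backsql_def_oc_query[] = 
         "SELECT id,name,keytbl,keycol,create_proc,delete_proc,expect_return "
         "FROM ldap_oc_mappings";
-char backsql_def_needs_select_oc_query[] = 
+const char backsql_def_needs_select_oc_query[] = 
         "SELECT id,name,keytbl,keycol,create_proc,create_keyval,delete_proc,"
         "expect_return FROM ldap_oc_mappings";
-char backsql_def_at_query[] = 
+const char backsql_def_at_query[] = 
         "SELECT name,sel_expr,from_tbls,join_where,add_proc,delete_proc,"
         "param_order,expect_return,sel_expr_u FROM ldap_attr_mappings "
         "WHERE oc_map_id=?";
-char backsql_def_delentry_stmt[] = "DELETE FROM ldap_entries WHERE id=?";
-char backsql_def_renentry_stmt[] =
+const char backsql_def_delentry_stmt[] = "DELETE FROM ldap_entries WHERE id=?";
+const char backsql_def_renentry_stmt[] =
         "UPDATE ldap_entries SET dn=?,parent=?,keyval=? WHERE id=?";
-char backsql_def_insentry_stmt[] = 
+const char backsql_def_insentry_stmt[] = 
         "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) "
         "VALUES (?,?,?,?)";
-char backsql_def_delobjclasses_stmt[] = "DELETE FROM ldap_entry_objclasses "
+const char backsql_def_delobjclasses_stmt[] = "DELETE FROM ldap_entry_objclasses "
         "WHERE entry_id=?";
-char backsql_def_subtree_cond[] = "ldap_entries.dn LIKE CONCAT('%',?)";
-char backsql_def_upper_subtree_cond[] = "(ldap_entries.dn) LIKE CONCAT('%',?)";
-char backsql_id_query[] = "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE ";
+const char backsql_def_subtree_cond[] = "ldap_entries.dn LIKE CONCAT('%',?)";
+const char backsql_def_upper_subtree_cond[] = "(ldap_entries.dn) LIKE CONCAT('%',?)";
+const char backsql_id_query[] = "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE ";
 /* better ?||? or cast(?||? as varchar) */ 
-char backsql_def_concat_func[] = "CONCAT(?,?)";
+const char backsql_def_concat_func[] = "CONCAT(?,?)";
 
 /* TimesTen */
-char backsql_check_dn_ru_query[] = "SELECT dn_ru FROM ldap_entries";
+const char backsql_check_dn_ru_query[] = "SELECT dn_ru FROM ldap_entries";
 
 struct berbuf *
 backsql_strcat_x( struct berbuf *dest, void *memctx, ... )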
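Review bot: The default statements that become `const char ...[]` at new lines 40-65 still have no comment saying which are complete statements and which are fragments. `backsql_id_query` ends in `WHERE ` and `backsql_def_subtree_cond` is a bare condition, so both are evidently spliced into a larger query by callers not shown here. I would add above `backsql_id_query` something like `/* prefix only: the caller appends a condition; values are bound through ? markers, never pasted into the text */`. Separately, the matching `extern` declarations are outside this section and need the same `const` qualifier. Any caller that hands one of these arrays to a non-const `char *` parameter should be fixed rather than cast, since writing through such a pointer would be undefined behaviour.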