|
|
|---|
| 37 |
const Filter *slap_filter_objectClass_pres; |
37 |
const Filter *slap_filter_objectClass_pres; |
| 38 |
const struct berval *slap_filterstr_objectClass_pres; |
38 |
const struct berval *slap_filterstr_objectClass_pres; |
| 39 |
|
39 |
|
|
|
40 |
#ifndef SLAPD_MAX_FILTER_DEPTH |
| 41 |
#define SLAPD_MAX_FILTER_DEPTH 5000 |
| 42 |
#endif |
| 43 |
|
| 40 |
static int get_filter_list( |
44 |
static int get_filter_list( |
| 41 |
Operation *op, |
45 |
Operation *op, |
| 42 |
BerElement *ber, |
46 |
BerElement *ber, |
| 43 |
Filter **f, |
47 |
Filter **f, |
| 44 |
const char **text ); |
48 |
const char **text, |
|
|
49 |
int depth ); |
| 45 |
|
50 |
|
| 46 |
static int get_ssa( |
51 |
static int get_ssa( |
| 47 |
Operation *op, |
52 |
Operation *op, |
|
|
|---|
| 80 |
return; |
85 |
return; |
| 81 |
} |
86 |
} |
| 82 |
|
87 |
|
| 83 |
int |
88 |
static int |
| 84 |
get_filter( |
89 |
get_filter0( |
| 85 |
Operation *op, |
90 |
Operation *op, |
| 86 |
BerElement *ber, |
91 |
BerElement *ber, |
| 87 |
Filter **filt, |
92 |
Filter **filt, |
| 88 |
const char **text ) |
93 |
const char **text, |
|
|
94 |
int depth ) |
| 89 |
{ |
95 |
{ |
| 90 |
ber_tag_t tag; |
96 |
ber_tag_t tag; |
| 91 |
ber_len_t len; |
97 |
ber_len_t len; |
|
|
|---|
| 126 |
* |
132 |
* |
| 127 |
*/ |
133 |
*/ |
| 128 |
|
134 |
|
|
|
135 |
if( depth > SLAPD_MAX_FILTER_DEPTH ) { |
| 136 |
*text = "filter nested too deeply"; |
| 137 |
return SLAPD_DISCONNECT; |
| 138 |
} |
| 139 |
|
| 129 |
tag = ber_peek_tag( ber, &len ); |
140 |
tag = ber_peek_tag( ber, &len ); |
| 130 |
|
141 |
|
| 131 |
if( tag == LBER_ERROR ) { |
142 |
if( tag == LBER_ERROR ) { |
|
|
|---|
| 221 |
|
232 |
|
| 222 |
case LDAP_FILTER_AND: |
233 |
case LDAP_FILTER_AND: |
| 223 |
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
234 |
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
| 224 |
err = get_filter_list( op, ber, &f.f_and, text ); |
235 |
err = get_filter_list( op, ber, &f.f_and, text, depth+1 ); |
| 225 |
if ( err != LDAP_SUCCESS ) { |
236 |
if ( err != LDAP_SUCCESS ) { |
| 226 |
break; |
237 |
break; |
| 227 |
} |
238 |
} |
|
|
|---|
| 234 |
|
245 |
|
| 235 |
case LDAP_FILTER_OR: |
246 |
case LDAP_FILTER_OR: |
| 236 |
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
247 |
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
| 237 |
err = get_filter_list( op, ber, &f.f_or, text ); |
248 |
err = get_filter_list( op, ber, &f.f_or, text, depth+1 ); |
| 238 |
if ( err != LDAP_SUCCESS ) { |
249 |
if ( err != LDAP_SUCCESS ) { |
| 239 |
break; |
250 |
break; |
| 240 |
} |
251 |
} |
|
|
|---|
| 248 |
case LDAP_FILTER_NOT: |
259 |
case LDAP_FILTER_NOT: |
| 249 |
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
260 |
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
| 250 |
(void) ber_skip_tag( ber, &len ); |
261 |
(void) ber_skip_tag( ber, &len ); |
| 251 |
err = get_filter( op, ber, &f.f_not, text ); |
262 |
err = get_filter0( op, ber, &f.f_not, text, depth+1 ); |
| 252 |
if ( err != LDAP_SUCCESS ) { |
263 |
if ( err != LDAP_SUCCESS ) { |
| 253 |
break; |
264 |
break; |
| 254 |
} |
265 |
} |
|
|
|---|
| 311 |
return( err ); |
322 |
return( err ); |
| 312 |
} |
323 |
} |
| 313 |
|
324 |
|
|
|
325 |
int |
| 326 |
get_filter( |
| 327 |
Operation *op, |
| 328 |
BerElement *ber, |
| 329 |
Filter **filt, |
| 330 |
const char **text ) |
| 331 |
{ |
| 332 |
return get_filter0( op, ber, filt, text, 0 ); |
| 333 |
} |
| 334 |
|
| 335 |
|
| 314 |
static int |
336 |
static int |
| 315 |
get_filter_list( Operation *op, BerElement *ber, |
337 |
get_filter_list( Operation *op, BerElement *ber, |
| 316 |
Filter **f, |
338 |
Filter **f, |
| 317 |
const char **text ) |
339 |
const char **text, |
|
|
340 |
int depth ) |
| 318 |
{ |
341 |
{ |
| 319 |
Filter **new; |
342 |
Filter **new; |
| 320 |
int err; |
343 |
int err; |
|
Lines 328-334
get_filter_list( Operation *op, BerElement *ber,
|
Link Here
|
|---|
|
|---|
| 328 |
tag != LBER_DEFAULT; |
351 |
tag != LBER_DEFAULT; |
| 329 |
tag = ber_next_element( ber, &len, last ) ) |
352 |
tag = ber_next_element( ber, &len, last ) ) |
| 330 |
{ |
353 |
{ |
| 331 |
err = get_filter( op, ber, new, text ); |
354 |
err = get_filter0( op, ber, new, text, depth ); |
| 332 |
if ( err != LDAP_SUCCESS ) |
355 |
if ( err != LDAP_SUCCESS ) |
| 333 |
return( err ); |
356 |
return( err ); |
| 334 |
new = &(*new)->f_next; |
357 |
new = &(*new)->f_next; |
| 335 |
- |
|
|