|
37 |
const Filter *slap_filter_objectClass_pres; |
37 |
const Filter *slap_filter_objectClass_pres; |
38 |
const struct berval *slap_filterstr_objectClass_pres; |
38 |
const struct berval *slap_filterstr_objectClass_pres; |
39 |
|
39 |
|
|
|
40 |
#ifndef SLAPD_MAX_FILTER_DEPTH |
41 |
#define SLAPD_MAX_FILTER_DEPTH 5000 |
42 |
#endif |
43 |
|
40 |
static int get_filter_list( |
44 |
static int get_filter_list( |
41 |
Operation *op, |
45 |
Operation *op, |
42 |
BerElement *ber, |
46 |
BerElement *ber, |
43 |
Filter **f, |
47 |
Filter **f, |
44 |
const char **text ); |
48 |
const char **text, |
|
|
49 |
int depth ); |
45 |
|
50 |
|
46 |
static int get_ssa( |
51 |
static int get_ssa( |
47 |
Operation *op, |
52 |
Operation *op, |
|
80 |
return; |
85 |
return; |
81 |
} |
86 |
} |
82 |
|
87 |
|
83 |
int |
88 |
static int |
84 |
get_filter( |
89 |
get_filter0( |
85 |
Operation *op, |
90 |
Operation *op, |
86 |
BerElement *ber, |
91 |
BerElement *ber, |
87 |
Filter **filt, |
92 |
Filter **filt, |
88 |
const char **text ) |
93 |
const char **text, |
|
|
94 |
int depth ) |
89 |
{ |
95 |
{ |
90 |
ber_tag_t tag; |
96 |
ber_tag_t tag; |
91 |
ber_len_t len; |
97 |
ber_len_t len; |
|
126 |
* |
132 |
* |
127 |
*/ |
133 |
*/ |
128 |
|
134 |
|
|
|
135 |
if( depth > SLAPD_MAX_FILTER_DEPTH ) { |
136 |
*text = "filter nested too deeply"; |
137 |
return SLAPD_DISCONNECT; |
138 |
} |
139 |
|
129 |
tag = ber_peek_tag( ber, &len ); |
140 |
tag = ber_peek_tag( ber, &len ); |
130 |
|
141 |
|
131 |
if( tag == LBER_ERROR ) { |
142 |
if( tag == LBER_ERROR ) { |
|
221 |
|
232 |
|
222 |
case LDAP_FILTER_AND: |
233 |
case LDAP_FILTER_AND: |
223 |
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
234 |
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); |
224 |
err = get_filter_list( op, ber, &f.f_and, text ); |
235 |
err = get_filter_list( op, ber, &f.f_and, text, depth+1 ); |
225 |
if ( err != LDAP_SUCCESS ) { |
236 |
if ( err != LDAP_SUCCESS ) { |
226 |
break; |
237 |
break; |
227 |
} |
238 |
} |
|
234 |
|
245 |
|
235 |
case LDAP_FILTER_OR: |
246 |
case LDAP_FILTER_OR: |
236 |
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
247 |
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); |
237 |
err = get_filter_list( op, ber, &f.f_or, text ); |
248 |
err = get_filter_list( op, ber, &f.f_or, text, depth+1 ); |
238 |
if ( err != LDAP_SUCCESS ) { |
249 |
if ( err != LDAP_SUCCESS ) { |
239 |
break; |
250 |
break; |
240 |
} |
251 |
} |
|
248 |
case LDAP_FILTER_NOT: |
259 |
case LDAP_FILTER_NOT: |
249 |
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
260 |
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); |
250 |
(void) ber_skip_tag( ber, &len ); |
261 |
(void) ber_skip_tag( ber, &len ); |
251 |
err = get_filter( op, ber, &f.f_not, text ); |
262 |
err = get_filter0( op, ber, &f.f_not, text, depth+1 ); |
252 |
if ( err != LDAP_SUCCESS ) { |
263 |
if ( err != LDAP_SUCCESS ) { |
253 |
break; |
264 |
break; |
254 |
} |
265 |
} |
|
311 |
return( err ); |
322 |
return( err ); |
312 |
} |
323 |
} |
313 |
|
324 |
|
|
|
325 |
int |
326 |
get_filter( |
327 |
Operation *op, |
328 |
BerElement *ber, |
329 |
Filter **filt, |
330 |
const char **text ) |
331 |
{ |
332 |
return get_filter0( op, ber, filt, text, 0 ); |
333 |
} |
334 |
|
335 |
|
314 |
static int |
336 |
static int |
315 |
get_filter_list( Operation *op, BerElement *ber, |
337 |
get_filter_list( Operation *op, BerElement *ber, |
316 |
Filter **f, |
338 |
Filter **f, |
317 |
const char **text ) |
339 |
const char **text, |
|
|
340 |
int depth ) |
318 |
{ |
341 |
{ |
319 |
Filter **new; |
342 |
Filter **new; |
320 |
int err; |
343 |
int err; |
Lines 328-334
get_filter_list( Operation *op, BerElement *ber,
|
Link Here
|
---|
|
328 |
tag != LBER_DEFAULT; |
351 |
tag != LBER_DEFAULT; |
329 |
tag = ber_next_element( ber, &len, last ) ) |
352 |
tag = ber_next_element( ber, &len, last ) ) |
330 |
{ |
353 |
{ |
331 |
err = get_filter( op, ber, new, text ); |
354 |
err = get_filter0( op, ber, new, text, depth ); |
332 |
if ( err != LDAP_SUCCESS ) |
355 |
if ( err != LDAP_SUCCESS ) |
333 |
return( err ); |
356 |
return( err ); |
334 |
new = &(*new)->f_next; |
357 |
new = &(*new)->f_next; |
335 |
- |
|
|