From 5b980e3f933f00c0a099b1c42c6529334ca88255 Mon Sep 17 00:00:00 2001 From: leitner Date: Fri, 1 Apr 2005 21:53:33 +0000 Subject: [PATCH] ldapclient can now also query for no attributes mstorage_add can now allocate larger chunks (and parse uses 1 MiB) fix small oversight in addindex putting wrong index size in header more integer overflow checks in asn1 code (not security relevant) fix missing initialization in asn1 routines (not security relevant, code section not triggered by ldap) --- Makefile | 2 +- addindex.c | 4 ++-- ldapclient.c | 48 ++++++++++++++++++++++++----------------------- mstorage_add.c | 4 +++- parse.c | 4 ++++ scan_asn1length.c | 7 +++++-- scan_asn1tag.c | 8 +++++++- 7 files changed, 47 insertions(+), 30 deletions(-) diff --git a/Makefile b/Makefile index 39eff70..c5051b0 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -DEBUG=1 +# DEBUG=1 all: t1 t2 parse dumpidx idx2ldif addindex bindrequest tinyldap \ tinyldap_standalone tinyldap_debug ldapclient ldapclient_str \ diff --git a/addindex.c b/addindex.c index 8908f83..ac251e4 100644 --- a/addindex.c +++ b/addindex.c @@ -141,7 +141,7 @@ int main(int argc,char* argv[]) { buffer_putsflush(buffer_2,"could not re-open database file read-write\n"); exit(1); } - ftruncate(fd,filelen+(counted+3)*4*(fastindex+1)); + ftruncate(fd,filelen+3*4+counted*4*(fastindex+1)); map=mmap(0,filelen+(counted+3)*4*(fastindex+1),PROT_WRITE,MAP_SHARED,fd,0); if (map==(char*)-1) { buffer_putsflush(buffer_2,"could not mmap database file read-write\n"); @@ -149,7 +149,7 @@ int main(int argc,char* argv[]) { } uint32_pack(map+casesensitive,ignorecase); uint32_pack(map+filelen,fastindex); - uint32_pack(map+filelen+4,filelen+3*4+(counted)*4*(fastindex+1)); + uint32_pack(map+filelen+4,filelen+3*4+counted*4*(fastindex+1)); uint32_pack(map+filelen+8,wanted); { char* x=map+filelen+12; diff --git a/ldapclient.c b/ldapclient.c index c378899..543456e 100644 --- a/ldapclient.c +++ b/ldapclient.c 
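Review bot: The `mmap` call on the context line directly after the changed `ftruncate` in addindex.c still requests the old length `filelen+(counted+3)*4*(fastindex+1)`, so whenever `fastindex` is non-zero the mapping is asked to be longer than the file was just extended to. Computing the size once and using it for `ftruncate`, `mmap` and the header field packed in the `@@ -149,7 +149,7 @@` hunk keeps the three in step, e.g. `newlen=filelen+3*4+counted*4*(fastindex+1);` declared with the type `filelen` already has. The result of `ftruncate` is also ignored, so a failed extension would only show up as a fault when the mapping is written; `if (ftruncate(fd,newlen)==-1)` with the same error path as the `mmap` failure would cover it. main's body starts and ends outside the hunk.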
@@ -41,9 +41,9 @@ int main(int argc,char* argv[]) { char buf[BUFSIZE]; int len=0; - if (argc<5) { + if (argc<4) { usage: - buffer_putsflush(buffer_2,"usage: ldapclient ip baseObject filter foo [bar...]\n"); + buffer_putsflush(buffer_2,"usage: ldapclient ip baseObject filter [foo...]\n"); return 0; } sock=socket_tcp4(); @@ -67,29 +67,35 @@ usage: return 1; } i=4; /* This should be the first index to an attribute argument in argv[] */ - adl.a.s=argv[i]; - adl.a.l=str_len(argv[i]); - next=&adl; - ++i; - while (ia.s=argv[i]; n->a.l=str_len(argv[i]); - n->next=0; - next->next=n; - next=n; + if (argc>4) { + adl.a.s=argv[i]; + adl.a.l=str_len(argv[i]); + next=&adl; + ++i; + while (ia.s=argv[i]; n->a.l=str_len(argv[i]); + n->next=0; + next->next=n; + next=n; - buffer_puts(buffer_2,"requesting "); - buffer_puts(buffer_2,argv[i]); - buffer_putnlflush(buffer_2); +#if 0 + buffer_puts(buffer_2,"requesting "); + buffer_puts(buffer_2,argv[i]); + buffer_putnlflush(buffer_2); +#endif - i++; + i++; + } + sr.attributes=&adl; + } else { + sr.attributes=0; } sr.baseObject.s=argv[2]; sr.baseObject.l=str_len(sr.baseObject.s); sr.scope=wholeSubtree; sr.derefAliases=neverDerefAliases; sr.sizeLimit=sr.timeLimit=sr.typesOnly=0; sr.filter=f; - sr.attributes=&adl; len=fmt_ldapsearchrequest(buf+100,&sr); { int tmp=fmt_ldapmessage(0,++messageid,SearchRequest,len); @@ -151,9 +157,9 @@ nextmessage: if (!adl) break; } } while (adl); - buffer_putsflush(buffer_1,"\n"); pal=pal->next; } + buffer_putsflush(buffer_1,"\n"); free_ldapsearchresultentry(&sre); } else goto copypartialandcontinue; @@ -170,10 +176,6 @@ nextmessage: goto nextmessage; } } else { - if (len-cur>200) { - buffer_putsflush(buffer_2,"nanu?!\n"); - tmp2=scan_ldapmessage(buf+cur,buf+len,&mid,&op,&slen); - } /* copy partial message */ copypartialandcontinue: byte_copy(buf,len-cur,buf+cur); diff --git a/mstorage_add.c b/mstorage_add.c index f77a195..3431af6 100644 --- a/mstorage_add.c +++ b/mstorage_add.c 
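Review bot: In the `@@ -67,29 +67,35 @@` hunk, `fmt_ldapsearchrequest(buf+100,&sr)` encodes the request into the fixed `char buf[BUFSIZE]` and no length check is visible, while the base object and every attribute name come straight from `argv`. The `fmt_ldapmessage(0,...)` call just below suggests the fmt_ routines report the needed size when given a null destination, so, if `fmt_ldapsearchrequest` follows the same convention, the size could be checked first: `len=fmt_ldapsearchrequest(0,&sr);` and `if (len+100>BUFSIZE) return 1;` before formatting into `buf+100`. Part of the loop header and the line that obtains `n` are missing from the page as extracted, so whether that allocation is checked cannot be confirmed here. The `#if 0` block would be better deleted than left disabled, and a short comment on `sr.attributes=0;` saying what an empty attribute list asks the server for would help the next reader.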
@@ -14,6 +14,8 @@ #define PAGEMASK ((PAGE_SIZE)-1) +unsigned long mstorage_increment=4*PAGE_SIZE; + /* Sadly, mremap is only available on Linux */ /* Please petition your congressman^Woperating system vendor to include it! */ @@ -43,7 +45,7 @@ long mstorage_add(mstorage_t* p,const char* s,unsigned long n) { p->mapped=need; p->used=0; } else { - long need=((p->used+n)|PAGEMASK)+1; + long need=((p->used+n)|PAGEMASK)+1+mstorage_increment; char* tmp; #ifdef MREMAP_MAYMOVE tmp=mremap(p->root,p->mapped,need,MREMAP_MAYMOVE); diff --git a/parse.c b/parse.c index d3a1d05..a874bbd 100644 --- a/parse.c +++ b/parse.c @@ -51,6 +51,8 @@ extern int (*ldif_parse_callback)(struct ldaprec* l); #define PAGE_SIZE 4096 #endif +extern unsigned long mstorage_increment; + /* for debugging and error messages */ /* ldaprec is the struct used by ldif_parse.c */ void dumprec(struct ldaprec* l) { @@ -148,6 +150,8 @@ int main(int argc,char* argv[]) { long offset_stringtable; char* map,* dest; + mstorage_increment=1024*1024; /* always grow mstorages by 1 additional MiB to reduce mmap overhead */ + tempname=alloca(strlen(destname)+10); mstorage_init(&record_offsets); diff --git a/scan_asn1length.c b/scan_asn1length.c index 6aa2ad1..7213ef9 100644 --- a/scan_asn1length.c +++ b/scan_asn1length.c @@ -3,11 +3,14 @@ int scan_asn1length(const char* src,const char* max,unsigned long* length) { const char* orig=src; if (src>max) return 0; +/* If the highest bit of the first byte is clear, the byte is the length. + * Otherwise the next n bytes are the length (n being the lower 7 bits) */ if (*src&0x80) { int chars=*src&0x7f; - long l=0; + unsigned long l=0; while (chars>0) { if (++src>=max) return 0; + if (l>(((unsigned long)-1)>>8)) return 0; /* catch integer overflow */ l=l*256+(unsigned char)*src; --chars; } 
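Review bot: `mstorage_increment` is added in mstorage_add.c as an undocumented writable global, and parse.c reaches it through a hand-written `extern unsigned long mstorage_increment;` (the `@@ -51,6 +51,8 @@` hunk) rather than a declaration in the header that declares `mstorage_add`, so a later type change in one file would not be caught by the compiler. Declaring it once in that header and adding a comment at the definition, such as `/* extra bytes mapped beyond the page-rounded need on each growth */`, would document the contract. Both values assigned in this commit look like page multiples; if that is a requirement, the comment should say so.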
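Review bot: The new size `((p->used+n)|PAGEMASK)+1+mstorage_increment` in the `@@ -43,7 +45,7 @@` hunk is built from the caller-supplied `unsigned long n` and then stored in a signed `long need` with no range check, so a very large `n` can wrap or go negative before it reaches `mremap`. A guard ahead of the computation would close that, for example `if (n>(unsigned long)LONG_MAX-p->used-PAGE_SIZE-mstorage_increment) return -1;`, adjusted to the actual type of `p->used` and to the failure value the function already returns. This matters more now that the increment is a tunable another file can set to any value. mstorage_add starts and ends outside the hunk.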
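Review bot: In scan_asn1length.c the entry guard `if (src>max) return 0;` still lets `src==max` through to `*src&0x80`, while the loop's `++src>=max` test treats `max` as one past the last readable byte, so an empty input appears to be read one byte past its end. Tightening the guard to `if (src>=max) return 0;` would make the two checks agree. A first byte of 0x80 leaves `chars` at 0 and skips the loop with `l` still 0; a comment stating whether that indefinite-length form is meant to be accepted would help. The function continues in the next hunk.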
@@ -15,7 +18,7 @@ int scan_asn1length(const char* src,const char* max,unsigned long* length) { } else *length=*src&0x7f; src++; - if (src+*length>max) return 0; + if (src+*length>max) return 0; /* catch integer overflow */ if (src+*lengthmax) return 0; - *tag=*tag*128+(*src&0x7F); + if (l>(((unsigned long)-1)>>7)) return 0; /* catch integer overflow */ + l=l*128+(*src&0x7F); if (!(*src&0x80)) break; } + *tag=l; return (src-orig+1); } else { *tag=*src&0x1f;
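Review bot: The bounds test `src+*length>max` forms a pointer beyond the buffer before comparing, which is undefined for a large `*length` and is the kind of wraparound test a compiler is allowed to drop, so the `/* catch integer overflow */` comment promises more than the line guarantees. Comparing the length with the bytes that remain avoids the pointer sum altogether: `if (*length>(unsigned long)(max-src)) return 0;`. That form relies on `src<=max` at this point, which holds once the entry guard rejects `src==max`. The text after this line, including the second added check and the start of the scan_asn1tag.c hunk, is missing from the page as extracted, so this note covers only the visible line.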