From fcb8e3f1f49bb34c409d8dbd75889eb72be05517 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 21 Apr 2014 21:33:36 +0200
Subject: LDAP: Fix off-by-one bug in sdap_copy_opts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sdap_copy_opts function copied all the arguments except for the
sentinel.

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 Makefile.am                    |  3 +++
 src/providers/ldap/sdap.c      |  5 +++-
 src/tests/ipa_ldap_opt-tests.c | 55 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 5dc359596..56d8e1df6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1215,6 +1215,9 @@ auth_tests_LDADD = \
 
 ipa_ldap_opt_tests_SOURCES = \
     src/providers/data_provider_opts.c \
+    src/providers/ldap/sdap.c \
+    src/providers/ldap/sdap_range.c \
+    src/util/sss_ldap.c \
     src/tests/ipa_ldap_opt-tests.c
 ipa_ldap_opt_tests_CFLAGS = \
     $(AM_CFLAGS) \
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index aa6b0e921..b303547a4 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -36,7 +36,7 @@ int sdap_copy_map(TALLOC_CTX *memctx,
     struct sdap_attr_map *map;
     int i;
 
-    map = talloc_array(memctx, struct sdap_attr_map, num_entries);
+    map = talloc_array(memctx, struct sdap_attr_map, num_entries + 1);
     if (!map) {
         return ENOMEM;
     }
@@ -64,6 +64,9 @@ int sdap_copy_map(TALLOC_CTX *memctx,
               map[i].name ? map[i].name : "");
     }
 
+    /* Include the sentinel */
+    memset(&map[num_entries], 0, sizeof(struct sdap_attr_map));
+
     *_map = map;
     return EOK;
 }
diff --git a/src/tests/ipa_ldap_opt-tests.c b/src/tests/ipa_ldap_opt-tests.c
index 25a094082..bbb49935d 100644
--- a/src/tests/ipa_ldap_opt-tests.c
+++ b/src/tests/ipa_ldap_opt-tests.c
@@ -48,6 +48,14 @@ struct test_domain test_domains[] = {
     { NULL, NULL}
 };
 
+/* Mock parsing search base without overlinking the test */
+errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
+                               struct dp_option *opts, int class,
+                               struct sdap_search_base ***_search_bases)
+{
+    return EOK;
+}
+
 START_TEST(test_domain_to_basedn)
 {
     int ret;
@@ -226,6 +234,49 @@ START_TEST(test_copy_opts)
 }
 END_TEST
 
+START_TEST(test_copy_sdap_map)
+{
+    errno_t ret;
+    struct sdap_attr_map *out_map;
+
+    ret = sdap_copy_map(global_talloc_context,
+                        rfc2307_user_map, SDAP_OPTS_USER, &out_map);
+    fail_unless(ret == EOK, "[%s]", strerror(ret));
+    fail_unless(out_map[SDAP_OPTS_USER].name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL);
+    talloc_free(out_map);
+
+    ret = sdap_copy_map(global_talloc_context,
+                        rfc2307bis_user_map, SDAP_OPTS_USER, &out_map);
+    fail_unless(ret == EOK, "[%s]", strerror(ret));
+    fail_unless(out_map[SDAP_OPTS_USER].name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL);
+    talloc_free(out_map);
+
+    ret = sdap_copy_map(global_talloc_context,
+                        ipa_user_map, SDAP_OPTS_USER, &out_map);
+    fail_unless(ret == EOK, "[%s]", strerror(ret));
+    fail_unless(out_map[SDAP_OPTS_USER].name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL);
+    talloc_free(out_map);
+
+    ret = sdap_copy_map(global_talloc_context,
+                        gen_ad2008r2_user_map, SDAP_OPTS_USER, &out_map);
+    fail_unless(ret == EOK, "[%s]", strerror(ret));
+    fail_unless(out_map[SDAP_OPTS_USER].name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].def_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].sys_name == NULL);
+    fail_unless(out_map[SDAP_OPTS_USER].opt_name == NULL);
+    talloc_free(out_map);
+}
+END_TEST
+
 Suite *ipa_ldap_opt_suite (void)
 {
     Suite *s = suite_create ("ipa_ldap_opt");
@@ -245,6 +296,10 @@ Suite *ipa_ldap_opt_suite (void)
     tcase_add_test (tc_dp_opts, test_copy_opts);
     suite_add_tcase (s, tc_dp_opts);
 
+    TCase *tc_sdap_opts = tcase_create ("sdap_opts");
+    tcase_add_test (tc_sdap_opts, test_copy_sdap_map);
+    suite_add_tcase (s, tc_sdap_opts);
+
     return s;
 }
 
-- 
cgit