From 7f4d92f77fb9da894f3e6e04efe777d1226334be Mon Sep 17 00:00:00 2001
From: merlinz01 <158784988+merlinz01@users.noreply.github.com>
Date: Sat, 13 Jul 2024 21:09:14 -0400
Subject: [PATCH] fix panic for ParseDN with invalid input
---
 dn.go | 3 +++
 dn_test.go | 32 ++++++++++++++++++++++++++++++++
 errors.go | 1 +
 3 files changed, 36 insertions(+)
diff --git a/dn.go b/dn.go
index ae0e1e7..8418376 100644
--- a/dn.go
+++ b/dn.go
@@ -209,6 +209,9 @@ func ParseDN(s string) (DN, error) {
 var r RDN
 for _, attr := range splitAttrs(rdn) {
 parts := splitAttr(attr)
+ if len(parts) < 2 {
+ return nil, ErrInvalidDN
+ }
 value, err := DecodeRDNAttributeValue(parts[1])
 if err != nil {
 return nil, err
diff --git a/dn_test.go b/dn_test.go
index b0d3ef5..f7fe3bb 100644
--- a/dn_test.go
+++ b/dn_test.go
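Review bot: The added guard in ParseDN rejects an attribute with no `=`, but an empty attribute type still appears to pass: if splitAttr returns an empty first part for input like `=x`, the loop goes on to decode the value, although RFC 4514 requires a non-empty type. Consider `if len(parts) < 2 || parts[0] == "" {` with the same ErrInvalidDN return. A comment above the check, such as `// splitAttr yields fewer than two parts when attr has no '='; reject it instead of indexing parts[1]`, would record why it exists, since this parser is presumably reached with client-supplied DNs and an index panic there is a denial of service. ParseDN starts and ends outside the hunk and splitAttr is not visible, so the empty-type case is an inference to confirm.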
@@ -47,6 +47,38 @@ func TestEncodeDN(t *testing.T) {
 }
 }
 
+func TestParseDN(t *testing.T) {
+ type dnTest struct {
+ dnStr string
+ dn ldapserver.DN
+ err error
+ }
+ tests := []dnTest{
+ {"uid=jdoe,ou=users,dc=example,dc=com",
+ ldapserver.DN{{{"dc", "com"}}, {{"dc", "example"}}, {{"ou", "users"}}, {{"uid", "jdoe"}}}, nil},
+ {"UID=jsmith,DC=example,DC=net",
+ ldapserver.DN{{{"DC", "net"}}, {{"DC", "example"}}, {{"UID", "jsmith"}}}, nil},
+ {"CN=J. Smith+OU=Sales,DC=example,DC=net",
+ ldapserver.DN{{{"DC", "net"}}, {{"DC", "example"}}, {{"CN", "J. Smith"}, {"OU", "Sales"}}}, nil},
+ {"CN=James \\\"Jim\\\" Smith,DC=example,DC=net",
+ ldapserver.DN{{{"DC", "net"}}, {{"DC", "example"}}, {{"CN", "James \"Jim\" Smith"}}}, nil},
+ {"CN=Before\\0DAfter,DC=example,DC=net",
+ ldapserver.DN{{{"DC", "net"}}, {{"DC", "example"}}, {{"CN", "Before\rAfter"}}}, nil},
+ {"CN=,DC=,DC=", ldapserver.DN{{{"DC", ""}}, {{"DC", ""}}, {{"CN", ""}}}, nil},
+ {"CN", nil, ldapserver.ErrInvalidDN},
+ {"CN=J. Smith,OU=Sales,DC=example,DC", nil, ldapserver.ErrInvalidDN},
+ }
+ for _, dn := range tests {
+ pdn, err := ldapserver.ParseDN(dn.dnStr)
+ if err != dn.err {
+ t.Fatalf("Error parsing DN: %s", err)
+ } else if !pdn.Equal(dn.dn) {
+ t.Errorf("Expected %s", dn.dn)
+ t.Fatalf("Got %s", pdn)
+ }
+ }
+}
+
 func TestDNIsChild(t *testing.T) {
 type childTest struct {
 child string
diff --git a/errors.go b/errors.go
index f5b9be7..d8077a0 100644
--- a/errors.go
+++ b/errors.go
@@ -42,3 +42,4 @@ var ErrTLSAlreadySetUp = &LDAPError{message: "TLS already set up"}
 var ErrTLSNotAvailable = &LDAPError{message: "TLS not available"}
 var ErrWrongElementType = &LDAPError{message: "wrong element type"}
 var ErrWrongSequenceLength = &LDAPError{message: "wrong sequence length"}
+var ErrInvalidDN = &LDAPError{message: "invalid DN"}
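Review bot: The two error cases in TestParseDN both exercise a missing `=` in the last or only RDN, so the regression guard for the panic is narrow; an empty string, an empty attribute type, and a multi-valued RDN whose second attribute lacks `=` are not covered. Because the original defect was a panic on malformed input, a fuzz target that only requires ParseDN to return (assuming the module targets Go 1.18 or later) would catch the next out-of-range index without hand-picked cases. Separately, `t.Fatalf("Error parsing DN: %s", err)` omits the input and the expected error and prints `%!s(<nil>)` when an error was expected but none came back; `t.Fatalf("ParseDN(%q): got error %v, want %v", dn.dnStr, err, dn.err)` is easier to act on.

```go
// Seeds are constructed examples of malformed or boundary DNs.
func FuzzParseDN(f *testing.F) {
	for _, seed := range []string{"", "CN", "=", "CN=a+OU", "CN=J. Smith,OU=Sales,DC=example,DC"} {
		f.Add(seed)
	}
	f.Fuzz(func(t *testing.T, s string) {
		// The only requirement is that ParseDN returns instead of panicking.
		_, _ = ldapserver.ParseDN(s)
	})
}
```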