Add port validation for ldap server uri
When a user sets the LDAP server URI with an invalid port (a value
either less than 0 or greater than 65536), the service should
return an error instead of accepting the invalid value.
The error that will be returned in this scenario:
Failed to set property LDAPServerURI on interface \
xyz.openbmc_project.User.Ldap.Config: Invalid argument was given.
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: Ie9ff263310fbe97298fd6f18b871d82e300189a2
diff --git a/phosphor-ldap-config/utils.cpp b/phosphor-ldap-config/utils.cpp
index 8a8b86f..66e1474 100644
--- a/phosphor-ldap-config/utils.cpp
+++ b/phosphor-ldap-config/utils.cpp
@@ -4,6 +4,8 @@
#include <ldap.h>
#include <netdb.h>
+#include <boost/algorithm/string.hpp>
+
#include <cstring>
#include <memory>
@@ -14,6 +16,17 @@
bool isValidLDAPURI(const std::string& URI, const char* scheme)
{
+ // Return false if the user tries to configure port 0
+ // This check is not done in line 42, because ldap_url_parse
+ // method internally converts port 0 to ldap port 389 and it
+ // will always return true (thus allowing the user to
+ // configure port 0)
+
+ if (boost::algorithm::ends_with(URI, ":0"))
+ {
+ return false;
+ }
+
LDAPURLDesc* ludpp = nullptr;
int res = LDAP_URL_ERR_BADURL;
res = ldap_url_parse(URI.c_str(), &ludpp);
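Review bot: The `ends_with(URI, ":0")` test at the top of isValidLDAPURI only rejects port 0 when the port is the very last thing in the string, so a URI with a trailing slash, a path or a query after `:0`, or a port written as `:00`, is not caught and would still be mapped to the default port by ldap_url_parse as the comment describes. Checking the port text inside the authority part is more reliable and needs only std::string, which would also make the new Boost include unnecessary. The comment's reference to "line 42" will go stale as the file changes; it would be better to name the `lud_port` range check instead. The function body continues past the end of this hunk.

```cpp
bool isValidLDAPURI(const std::string& URI, const char* scheme)
{
    // ldap_url_parse maps port 0 to the default LDAP port, so inspect the
    // port text in the authority component before parsing.
    const auto schemeEnd = URI.find("://");
    const auto hostStart =
        (schemeEnd == std::string::npos) ? 0 : schemeEnd + 3;
    const auto authEnd = URI.find_first_of("/?", hostStart);
    const std::string authority =
        (authEnd == std::string::npos)
            ? URI.substr(hostStart)
            : URI.substr(hostStart, authEnd - hostStart);
    const auto bracket = authority.rfind(']'); // end of an IPv6 literal
    const auto colon = authority.rfind(':');
    if (colon != std::string::npos &&
        (bracket == std::string::npos || colon > bracket))
    {
        const std::string portText = authority.substr(colon + 1);
        if (!portText.empty() &&
            portText.find_first_not_of('0') == std::string::npos)
        {
            return false; // "0", "00", ... all mean port 0
        }
    }
    // … unchanged: ldap_url_parse call and the checks that follow …
```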
@@ -32,6 +45,10 @@
{
return false;
}
+ if (ludppPtr->lud_port < 0 || ludppPtr->lud_port > 65536)
+ {
+ return false;
+ }
addrinfo hints{};
addrinfo* servinfo = nullptr;
hints.ai_family = AF_UNSPEC;
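Review bot: The upper bound in `ludppPtr->lud_port > 65536` is off by one: the largest valid TCP port is 65535, so a URI carrying port 65536 passes this check as written. The condition should read `if (ludppPtr->lud_port < 0 || ludppPtr->lud_port > 65535)`. The commit message quotes the same 65536 limit, so the two should be corrected together. The enclosing function starts and ends outside this hunk.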
diff --git a/test/utils_test.cpp b/test/utils_test.cpp
index d312685..7e152b6 100644
--- a/test/utils_test.cpp
+++ b/test/utils_test.cpp
@@ -64,6 +64,18 @@
ipaddress = "ldaps://x.x.x.x";
EXPECT_EQ(false, isValidLDAPURI(ipaddress.c_str(), LDAPSscheme));
+
+ ipaddress = "ldap://9.3.185.83:70000";
+ EXPECT_EQ(false, isValidLDAPURI(ipaddress.c_str(), LDAPscheme));
+
+ ipaddress = "ldap://9.3.185.83:-3";
+ EXPECT_EQ(false, isValidLDAPURI(ipaddress.c_str(), LDAPscheme));
+
+ ipaddress = "ldap://9.3.185.83:221";
+ EXPECT_EQ(true, isValidLDAPURI(ipaddress.c_str(), LDAPscheme));
+
+ ipaddress = "ldap://9.3.185.83:0";
+ EXPECT_EQ(false, isValidLDAPURI(ipaddress.c_str(), LDAPscheme));
}
} // namespace ldap
} // namespace phosphor
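Review bot: The new cases use 70000, -3, 221 and 0 but never exercise the edges of the port range, which is how the `> 65536` comparison in utils.cpp goes unnoticed. Add a case for each side of the limit, for example `ipaddress = "ldap://9.3.185.83:65535";` expecting true and `ipaddress = "ldap://9.3.185.83:65536";` expecting false. A port-0 URI with a trailing slash, such as `"ldap://9.3.185.83:0/"` expecting false, would likewise cover the suffix-based port-0 check. The test function begins outside this hunk.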