Add port validation for ldap server uri
When a user sets the LDAP server URI with an invalid port (a value
either less than 0 or greater than 65536), the service should
return an error instead of accepting the invalid value.
The error that will be returned in this scenario:
Failed to set property LDAPServerURI on interface \
xyz.openbmc_project.User.Ldap.Config: Invalid argument was given.
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: Ie9ff263310fbe97298fd6f18b871d82e300189a2
diff --git a/phosphor-ldap-config/utils.cpp b/phosphor-ldap-config/utils.cpp
index 8a8b86f..66e1474 100644
--- a/phosphor-ldap-config/utils.cpp
+++ b/phosphor-ldap-config/utils.cpp
@@ -4,6 +4,8 @@
#include <ldap.h>
#include <netdb.h>
+#include <boost/algorithm/string.hpp>
+
#include <cstring>
#include <memory>
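Review bot: The new include pulls in the whole Boost string-algorithm umbrella header for a single `ends_with` call in isValidLDAPURI. The narrower `#include <boost/algorithm/string/predicate.hpp>` provides that predicate and keeps the validation code's dependency surface smaller.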
@@ -14,6 +16,17 @@
bool isValidLDAPURI(const std::string& URI, const char* scheme)
{
+ // Return false if the user tries to configure port 0
+ // This check is not done in line 42, because ldap_url_parse
+ // method internally converts port 0 to ldap port 389 and it
+ // will always return true (thus allowing the user to
+ // configure port 0)
+
+ if (boost::algorithm::ends_with(URI, ":0"))
+ {
+ return false;
+ }
+
LDAPURLDesc* ludpp = nullptr;
int res = LDAP_URL_ERR_BADURL;
res = ldap_url_parse(URI.c_str(), &ludpp);
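Review bot: The port-0 guard at the top of isValidLDAPURI only matches when `:0` is the last two characters of the URI, so forms such as `ldap://host:0/` or `ldap://host:0/dc=example,dc=com`, and presumably `:00`, skip it and reach ldap_url_parse, which per the comment maps port 0 to 389. Checking the port inside the authority component (between `://` and the first `/` or `?`) closes that gap and removes the Boost dependency. The comment's reference to "line 42" will go stale as the file changes; point it at "the lud_port range check below" instead. The function body continues outside this hunk.
```cpp
bool isValidLDAPURI(const std::string& URI, const char* scheme)
{
    // Reject an explicit port of zero wherever the authority ends, not only
    // when ":0" happens to be the last two characters of the URI.
    const auto schemeEnd = URI.find("://");
    if (schemeEnd != std::string::npos)
    {
        const auto authBegin = schemeEnd + 3;
        const auto authEnd = URI.find_first_of("/?", authBegin);
        const std::string authority = URI.substr(
            authBegin, authEnd == std::string::npos ? std::string::npos
                                                    : authEnd - authBegin);
        const auto colon = authority.rfind(':');
        const auto bracket = authority.rfind(']'); // end of an IPv6 literal
        if (colon != std::string::npos &&
            (bracket == std::string::npos || colon > bracket))
        {
            const std::string port = authority.substr(colon + 1);
            if (!port.empty() &&
                port.find_first_not_of('0') == std::string::npos)
            {
                return false;
            }
        }
    }
    // … unchanged: ldap_url_parse call and the checks that follow …
```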
@@ -32,6 +45,10 @@
{
return false;
}
+ if (ludppPtr->lud_port < 0 || ludppPtr->lud_port > 65536)
+ {
+ return false;
+ }
addrinfo hints{};
addrinfo* servinfo = nullptr;
hints.ai_family = AF_UNSPEC;
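Review bot: The upper bound in the added range check is off by one: `lud_port > 65536` lets 65536 through, but the largest valid TCP port is 65535. The condition should read `if (ludppPtr->lud_port < 0 || ludppPtr->lud_port > 65535)`; the commit description states the same 65536 limit, so it is worth correcting there as well. A unit test with ports 65535 and 65536 would pin the boundary. isValidLDAPURI starts and ends outside this hunk.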