[389-commits] ldap/servers

Nathan Kinder nkinder at fedoraproject.org
Fri Dec 13 02:45:56 UTC 2013 

 ldap/servers/plugins/memberof/memberof_config.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

New commits:
commit 38bda615b3d3ace52f4965efcc21b97b2b6899a1
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Thu Dec 12 15:44:59 2013 -0800

    Ticket 47525 - Don't modify preop entry in memberOf config
    
    We shouldn't be modifying the preop entry we fetch from the pblock
    when validating the memberOf config.  We currently apply the mods
    to it when performing validation for a modify operation, but we
    should be making a copy of the entry to use for validation instead.
    
    Modifying the preop entry directly can cause crashing in some cases.

diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
index 58b35f6..36734ca 100644
--- a/ldap/servers/plugins/memberof/memberof_config.c
+++ b/ldap/servers/plugins/memberof/memberof_config.c
@@ -685,6 +685,7 @@ int
 memberof_shared_config_validate(Slapi_PBlock *pb)
 {
 	Slapi_Entry *e = 0;
+	Slapi_Entry *resulting_e = 0;
 	Slapi_DN *sdn = 0;
 	Slapi_Mods *smods = 0;
 	LDAPMod **mods = NULL;
@@ -708,13 +709,15 @@ memberof_shared_config_validate(Slapi_PBlock *pb)
 			smods = slapi_mods_new();
 			slapi_mods_init_byref(smods, mods);
 
-			/* Apply the mods to create the resulting entry. */
-			if (mods && (slapi_entry_apply_mods(e, mods) != LDAP_SUCCESS)) {
+			/* Create a copy of the entry and apply the
+			 * mods to create the resulting entry. */
+			resulting_e = slapi_entry_dup(e);
+			if (mods && (slapi_entry_apply_mods(resulting_e, mods) != LDAP_SUCCESS)) {
 				/* we don't care about this, the update is invalid and will be caught later */
 				goto bail;
 			}
 
-			if ( SLAPI_DSE_CALLBACK_ERROR == memberof_validate_config (pb, NULL, e, &ret, returntext,0)) {
+			if ( SLAPI_DSE_CALLBACK_ERROR == memberof_validate_config (pb, NULL, resulting_e, &ret, returntext,0)) {
 				slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
 								"%s", returntext);
 				ret = LDAP_UNWILLING_TO_PERFORM;
@@ -729,7 +732,7 @@ memberof_shared_config_validate(Slapi_PBlock *pb)
 
 bail:
 	slapi_mods_free(&smods);
-	slapi_entry_free(e);
+	slapi_entry_free(resulting_e);
 
 	return ret;
 }

More information about the 389-commits mailing list