[389-commits] Branch '389-ds-base-1.2.11' - 2 commits - ldap/servers

Richard Allen Megginson rmeggins at fedoraproject.org
Thu May 17 20:06:06 UTC 2012 

 ldap/servers/plugins/acl/aclparse.c          |    5 +++++
 ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c |    3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

New commits:
commit 58ec62b04fd3696bd77a0610fb8ede58e9fa64d4
Author: Charles Lopes <clopes at amazon.com>
Date:   Tue May 8 15:37:59 2012 +0000

    Bug #361: Bad DNs in ACIs can segfault ns-slapd
    
    A bad userdn will make the DN normalization fail.  This sets dn to NULL,
    and the server will attempt to access the NULL dn.
    The fix is to just return with an error if the normalization fails since
    the DN is invalid.
    Reviewed by: rmeggins
    (cherry picked from commit 8ba2982457e7d2143ae0c2af212412122592c284)

diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
index 15b373b..39d9f6c 100644
--- a/ldap/servers/plugins/acl/aclparse.c
+++ b/ldap/servers/plugins/acl/aclparse.c
@@ -566,6 +566,11 @@ __aclp__copy_normalized_str (char *src, char *endsrc, char *start,
 		/* Normalize the value of userdn and append it to ret_str */
 		slapi_sdn_init_dn_byref(&sdn, p);
 		dn = slapi_sdn_get_dn(&sdn);
+		/* Normalization failed so return an error (-1) */
+		if (!dn) {
+			slapi_sdn_done(&sdn);
+			return -1;
+		}
 		/* append up to ldap(s):/// */
 		aclutil_str_append_ext(dest, destlen, start, p - start);
 		/* append the DN part */


commit 127afd747e304725763e076de33cd4151544da66
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date:   Thu May 17 11:37:44 2012 -0700

    Trac Ticket #338 - letters in object's cn get converted to
       lowercase when renaming object
    
    Fix description: In modrdn, if newrdn is different from the oldrdn
    only by upper/lower cases, it was ignored in the entryrdn code.
    This patch recognizes the change and updates the entryrdn index.
    commit b1ed11117e02c0ae670f05f9850b20fd9334d567
    (cherry picked from commit 197a8f5c6a4def3915cd07d07602e3ed80b082b0)

diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 5281f22..b548b29 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -542,7 +542,8 @@ entryrdn_rename_subtree(backend *be,
     if (newsrdn && slapi_rdn_get_rdn(newsrdn)) {
         /* if the new RDN value is identical to the old RDN,
          * we don't have to do "rename" */
-        if (strcmp(slapi_rdn_get_nrdn(newsrdn), slapi_rdn_get_nrdn(&oldsrdn))) {
+        /* Don't miss the case changes, too. */
+        if (strcmp(slapi_rdn_get_rdn(newsrdn), slapi_rdn_get_rdn(&oldsrdn))) {
             /* did not match; let's rename it */
             mynewsrdn = newsrdn;
         }

More information about the 389-commits mailing list