[openldap] fix: allow unsetting of tls_* syncrepl options

jvcelak jvcelak at fedoraproject.org
Mon Sep 12 16:43:35 UTC 2011 

commit 9c0ef47ce4d4d90a9b2a5ba8a19c6231b46b0918
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Mon Sep 12 18:42:53 2011 +0200

    fix: allow unsetting of tls_* syncrepl options
    
    Resolves: #734187

 openldap-syncrepl-unset-tls-options.patch |   69 +++++++++++++++++++++++++++++
 openldap.spec                             |    3 +
 2 files changed, 72 insertions(+), 0 deletions(-)
---
diff --git a/openldap-syncrepl-unset-tls-options.patch b/openldap-syncrepl-unset-tls-options.patch
new file mode 100644
index 0000000..51836a8
--- /dev/null
+++ b/openldap-syncrepl-unset-tls-options.patch
@@ -0,0 +1,69 @@
+allow unsetting of tls_* syncrepl options
+
+Author: Patrick Monnerat <pm at datasphere.ch>
+Upstream ITS: #7042
+Resolves: #734187
+
+---
+ libraries/libldap/tls2.c |   16 ++++++++--------
+ 1 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index 5c35fb5..4c9eb30 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -731,27 +731,27 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CACERTFILE:
+ 		if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile );
+-		lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_cacertfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CACERTDIR:
+ 		if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir );
+-		lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_cacertdir = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CERTFILE:
+ 		if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile );
+-		lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_certfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_KEYFILE:
+ 		if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile );
+-		lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_keyfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_DHFILE:
+ 		if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
+-		lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_dhfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CRLFILE:	/* GnuTLS only */
+ 		if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
+-		lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_crlfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ 		if ( !arg ) return -1;
+@@ -779,7 +779,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ #endif
+ 	case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ 		if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
+-		lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_ciphersuite = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 
+ 	case LDAP_OPT_X_TLS_PROTOCOL_MIN:
+@@ -790,7 +790,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ 		if ( ld != NULL )
+ 			return -1;
+ 		if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile );
+-		lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_randfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		break;
+ 	case LDAP_OPT_X_TLS_NEWCTX:
+ 		if ( !arg ) return -1;
+-- 
+1.7.6.1
+
diff --git a/openldap.spec b/openldap.spec
index 70dbc85..97469c5 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -41,6 +41,7 @@ Patch15: openldap-nss-wildcards.patch
 Patch16: openldap-dns-priority.patch
 Patch17: openldap-man-ldap-sync.patch
 Patch18: openldap-nss-handshake-threadsafe.patch
+Patch19: openldap-syncrepl-unset-tls-options.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -152,6 +153,7 @@ pushd openldap-%{version}
 %patch16 -p1 -b .dns-priority
 %patch17 -p1 -b .man-ldap-sync
 %patch18 -p1 -b .nss-handshake-threadsafe
+%patch19 -p1 -b .syncrepl-unset-tls-options
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -677,6 +679,7 @@ exit 0
 %changelog
 * Mon Sep 12 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-3
 - fix: SSL_ForceHandshake function is not thread safe (#701678)
+- fix: allow unsetting of tls_* syncrepl options (#734187)
 
 * Wed Aug 24 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-2
 - security hardening: library needs partial RELRO support added (#733071)

More information about the scm-commits mailing list