From d5c51aadcd15426608501128865c877bd5a2f50c Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkrispen@redhat.com>
Date: Tue, 26 Nov 2013 09:15:53 +0100
Subject: [PATCH 150/225] Ticket 47591 - entries with empty objectclass
attribute value can be hidden
Bug Description: The problem is that the empty value
objectClass;vdcsn-5283b8e0000000c80000;deleted
is compared to "ldapsubentry" and "nstombstone" by
'if (PL_strncasecmp(type.bv_val,"tombstone",0)'
and with length 0 the comparison always matches, so this is always true.
Fix Description: add a check bv_len >= strlen(valuetocompare)
or bv_len == strlen(valuetocompare)
define constants for lengths
https://fedorahosted.org/389/ticket/47591
Reviewed by: richm, thanks
(cherry picked from commit 766e747e04d301a4cd48911b71d904847963940d)
---
ldap/servers/slapd/entry.c | 15 ++++++++-------
ldap/servers/slapd/slapi-plugin.h | 15 ++++++++++++++-
2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c
index a43dc21..d7df631 100644
--- a/ldap/servers/slapd/entry.c
+++ b/ldap/servers/slapd/entry.c
@@ -327,7 +327,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
rawdn = NULL; /* Set once in the loop.
This won't affect the caller's passed address. */
}
- if ( PL_strncasecmp( type.bv_val, "dn", type.bv_len ) == 0 ) {
+ if ( type.bv_len == SLAPI_ATTR_DN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_DN, type.bv_len ) == 0 ) {
if ( slapi_entry_get_dn_const(e)!=NULL ) {
char ebuf[ BUFSIZ ];
LDAPDebug( LDAP_DEBUG_TRACE,
@@ -363,7 +363,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
continue;
}
- if ( PL_strncasecmp( type.bv_val, "rdn", type.bv_len ) == 0 ) {
+ if ( type.bv_len == SLAPI_ATTR_RDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_RDN, type.bv_len ) == 0 ) {
if ( NULL == slapi_entry_get_rdn_const( e )) {
slapi_entry_set_rdn( e, value.bv_val );
}
@@ -374,13 +374,13 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
/* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */
if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) &&
- PL_strncasecmp( type.bv_val, "entrydn", type.bv_len ) == 0 ) {
+ type.bv_len == SLAPI_ATTR_ENTRYDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_ENTRYDN, type.bv_len ) == 0 ) {
if (freeval) slapi_ch_free_string(&value.bv_val);
continue;
}
/* retrieve uniqueid */
- if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){
+ if ( type.bv_len == SLAPI_ATTR_UNIQUEID_LENGTH && PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){
if (e->e_uniqueid != NULL){
LDAPDebug (LDAP_DEBUG_TRACE,
@@ -398,10 +398,11 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
continue;
}
- if (PL_strncasecmp(type.bv_val,"objectclass",type.bv_len) == 0) {
- if (PL_strncasecmp(value.bv_val,"ldapsubentry",value.bv_len) == 0)
+ if (value_state == VALUE_PRESENT && type.bv_len >= SLAPI_ATTR_OBJECTCLASS_LENGTH
+ && PL_strncasecmp(type.bv_val, SLAPI_ATTR_OBJECTCLASS, type.bv_len) == 0) {
+ if (value.bv_len >= SLAPI_ATTR_VALUE_SUBENTRY_LENGTH && PL_strncasecmp(value.bv_val,SLAPI_ATTR_VALUE_SUBENTRY,value.bv_len) == 0)
e->e_flags |= SLAPI_ENTRY_LDAPSUBENTRY;
- if (PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0)
+ if (value.bv_len >= SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH && PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0)
e->e_flags |= SLAPI_ENTRY_FLAG_TOMBSTONE;
}
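Review bot: The objectclass test and the two value tests in this hunk use `>=` against the length constants while still passing `type.bv_len` / `value.bv_len` as the compare count, unlike the `==` checks in the dn, rdn, entrydn and uniqueid hunks. Assuming PL_strncasecmp stops at the first NUL as strncasecmp does, a longer input can only match if a NUL follows the expected text inside the counted bytes, so `>=` reads as a prefix match but does not appear to behave as one. If an exact match is intended, `type.bv_len == SLAPI_ATTR_OBJECTCLASS_LENGTH` (and likewise `value.bv_len == SLAPI_ATTR_VALUE_SUBENTRY_LENGTH` and `value.bv_len == SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH`) states that directly and keeps an oddly formed value from setting SLAPI_ENTRY_LDAPSUBENTRY or SLAPI_ENTRY_FLAG_TOMBSTONE. The enclosing str2entry_fast starts and ends outside the hunk.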
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 642f515..eeac43e 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -392,9 +392,22 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
#define SLAPI_ATTR_OBJECTCLASS "objectclass"
#define SLAPI_ATTR_VALUE_TOMBSTONE "nsTombstone"
#define SLAPI_ATTR_VALUE_PARENT_UNIQUEID "nsParentUniqueID"
+#define SLAPI_ATTR_VALUE_SUBENTRY "ldapsubentry"
#define SLAPI_ATTR_NSCP_ENTRYDN "nscpEntryDN"
#define SLAPI_ATTR_ENTRYUSN "entryusn"
-#define SLAPI_ATTR_ENTRYDN "entrydn"
+#define SLAPI_ATTR_ENTRYDN "entrydn"
+#define SLAPI_ATTR_DN "dn"
+#define SLAPI_ATTR_RDN "rdn"
+#define SLAPI_ATTR_UNIQUEID_LENGTH 10
+#define SLAPI_ATTR_OBJECTCLASS_LENGTH 11
+#define SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH 11
+#define SLAPI_ATTR_VALUE_PARENT_UNIQUEID_LENGTH 16
+#define SLAPI_ATTR_VALUE_SUBENTRY_LENGTH 12
+#define SLAPI_ATTR_NSCP_ENTRYDN_LENGTH 11
+#define SLAPI_ATTR_ENTRYUSN_LENGTH 8
+#define SLAPI_ATTR_ENTRYDN_LENGTH 7
+#define SLAPI_ATTR_DN_LENGTH 2
+#define SLAPI_ATTR_RDN_LENGTH 3
/* opaque structures */
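Review bot: The new `*_LENGTH` constants are hand-counted numbers kept separately from the string literals they describe, so a later edit to one of the strings would silently break the length guards this fix relies on in entry.c. Deriving each from its literal removes that risk, e.g. `#define SLAPI_ATTR_DN_LENGTH (sizeof(SLAPI_ATTR_DN) - 1)`, with the same form for the others. SLAPI_ATTR_UNIQUEID is defined outside this hunk, so its length of 10 cannot be checked from here. A one-line comment above the block, such as `/* lengths of the attribute names/values above, excluding the terminating NUL */`, would also document the intent.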
--
1.8.1.4