andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
Blob Blame History Raw
From d5c51aadcd15426608501128865c877bd5a2f50c Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkrispen@redhat.com>
Date: Tue, 26 Nov 2013 09:15:53 +0100
Subject: [PATCH 150/225] Ticket 47591 - entries with empty objectclass
 attribute value can be hidden

Bug Description:   The problem is that for the empty value

	objectClass;vdcsn-5283b8e0000000c80000;deleted

	it is compared to "ldapsubentry" and "nstombstone"

	'if (PL_strncasecmp(type.bv_val,"tombstone",0)'

	and with length 0, this is always true.

Fix Description:   add a check bv_len >= strlen(valuetocompare)
			or	bv_len == strlen(valuetocompare)
			define constants for lengths

https://fedorahosted.org/389/ticket/47591

Reviewed by: richm, thanks
(cherry picked from commit 766e747e04d301a4cd48911b71d904847963940d)
---
 ldap/servers/slapd/entry.c        | 15 ++++++++-------
 ldap/servers/slapd/slapi-plugin.h | 15 ++++++++++++++-
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c
index a43dc21..d7df631 100644
--- a/ldap/servers/slapd/entry.c
+++ b/ldap/servers/slapd/entry.c
@@ -327,7 +327,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 			rawdn = NULL; /* Set once in the loop. 
 							 This won't affect the caller's passed address. */
 		}
-		if ( PL_strncasecmp( type.bv_val, "dn", type.bv_len ) == 0 ) {
+		if ( type.bv_len == SLAPI_ATTR_DN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_DN, type.bv_len ) == 0 ) {
 			if ( slapi_entry_get_dn_const(e)!=NULL ) {
 				char ebuf[ BUFSIZ ];
 				LDAPDebug( LDAP_DEBUG_TRACE,
@@ -363,7 +363,7 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 			continue;
 		}
 
-		if ( PL_strncasecmp( type.bv_val, "rdn", type.bv_len ) == 0 ) {
+		if ( type.bv_len == SLAPI_ATTR_RDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_RDN, type.bv_len ) == 0 ) {
 			if ( NULL == slapi_entry_get_rdn_const( e )) {
 				slapi_entry_set_rdn( e, value.bv_val );
 			}
@@ -374,13 +374,13 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 
 		/* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */
 		if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) &&
-		     PL_strncasecmp( type.bv_val, "entrydn", type.bv_len ) == 0 ) {
+		     type.bv_len == SLAPI_ATTR_ENTRYDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_ENTRYDN, type.bv_len ) == 0 ) {
 			if (freeval) slapi_ch_free_string(&value.bv_val);
 			continue;
 		}
 
 		/* retrieve uniqueid */
-		if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){
+		if ( type.bv_len == SLAPI_ATTR_UNIQUEID_LENGTH && PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){
 
 			if (e->e_uniqueid != NULL){
 				LDAPDebug (LDAP_DEBUG_TRACE, 
@@ -398,10 +398,11 @@ str2entry_fast( const char *rawdn, char *s, int flags, int read_stateinfo )
 			continue;
 		}
 		
-		if (PL_strncasecmp(type.bv_val,"objectclass",type.bv_len) == 0) {
-			if (PL_strncasecmp(value.bv_val,"ldapsubentry",value.bv_len) == 0)
+		if (value_state == VALUE_PRESENT && type.bv_len >= SLAPI_ATTR_OBJECTCLASS_LENGTH
+				&& PL_strncasecmp(type.bv_val, SLAPI_ATTR_OBJECTCLASS, type.bv_len) == 0) {
+			if (value.bv_len >= SLAPI_ATTR_VALUE_SUBENTRY_LENGTH && PL_strncasecmp(value.bv_val,SLAPI_ATTR_VALUE_SUBENTRY,value.bv_len) == 0)
 				e->e_flags |= SLAPI_ENTRY_LDAPSUBENTRY;
-			if (PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0)
+			if (value.bv_len >= SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH && PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0)
 				e->e_flags |= SLAPI_ENTRY_FLAG_TOMBSTONE;
 		}
 		
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 642f515..eeac43e 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -392,9 +392,22 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
 #define SLAPI_ATTR_OBJECTCLASS			"objectclass"
 #define SLAPI_ATTR_VALUE_TOMBSTONE		"nsTombstone"
 #define SLAPI_ATTR_VALUE_PARENT_UNIQUEID	"nsParentUniqueID"
+#define SLAPI_ATTR_VALUE_SUBENTRY		"ldapsubentry"
 #define SLAPI_ATTR_NSCP_ENTRYDN 		"nscpEntryDN"
 #define SLAPI_ATTR_ENTRYUSN 			"entryusn"
-#define SLAPI_ATTR_ENTRYDN 				"entrydn"
+#define SLAPI_ATTR_ENTRYDN 			"entrydn"
+#define SLAPI_ATTR_DN 				"dn"
+#define SLAPI_ATTR_RDN 				"rdn"
+#define SLAPI_ATTR_UNIQUEID_LENGTH		10
+#define SLAPI_ATTR_OBJECTCLASS_LENGTH		11
+#define SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH	11
+#define SLAPI_ATTR_VALUE_PARENT_UNIQUEID_LENGTH	16
+#define SLAPI_ATTR_VALUE_SUBENTRY_LENGTH	12
+#define SLAPI_ATTR_NSCP_ENTRYDN_LENGTH 		11
+#define SLAPI_ATTR_ENTRYUSN_LENGTH 		8
+#define SLAPI_ATTR_ENTRYDN_LENGTH 		7
+#define SLAPI_ATTR_DN_LENGTH 			2
+#define SLAPI_ATTR_RDN_LENGTH 			3
 
 
 /* opaque structures */
-- 
1.8.1.4