From 5edce023ae5977bebfdfd05ad21febc51c5b428b Mon Sep 17 00:00:00 2001 From: Ludwig Krispenz Date: Tue, 26 Nov 2013 09:15:53 +0100 Subject: [PATCH 62/65] Ticket 47591 - entries with empty objectclass attribute value can be hidden Bug Description: The problem is that for the empty value objectClass;vdcsn-5283b8e0000000c80000;deleted it is compared to "ldapsubentry" and "nstombstone" 'if (PL_strncasecmp(type.bv_val,"tombstone",0)' and with length 0, this is always true. Fix Description: add a check bv_len >= strlen(valuetocompare) or bv_len == strlen(valuetocompare) define constants for lengths https://fedorahosted.org/389/ticket/47591 Reviewed by: richm, thanks (cherry picked from commit 6b47eb4f54ff1e0a8b9c4aa9f3e6c3c3d958fd56) --- ldap/servers/slapd/entry.c | 15 ++++++++------- ldap/servers/slapd/slapi-plugin.h | 15 ++++++++++++++- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c index e0248c8..60e1dfe 100644 --- a/ldap/servers/slapd/entry.c +++ b/ldap/servers/slapd/entry.c @@ -340,7 +340,7 @@ str2entry_fast( const char *rawdn, const Slapi_RDN *srdn, char *s, int flags, in rawdn = NULL; /* Set once in the loop. This won't affect the caller's passed address. */ } - if ( PL_strncasecmp( type.bv_val, "dn", type.bv_len ) == 0 ) { + if ( type.bv_len == SLAPI_ATTR_DN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_DN, type.bv_len ) == 0 ) { if ( slapi_entry_get_dn_const(e)!=NULL ) { char ebuf[ BUFSIZ ]; LDAPDebug( LDAP_DEBUG_TRACE, @@ -376,7 +376,7 @@ str2entry_fast( const char *rawdn, const Slapi_RDN *srdn, char *s, int flags, in continue; } - if ( PL_strncasecmp( type.bv_val, "rdn", type.bv_len ) == 0 ) { + if ( type.bv_len == SLAPI_ATTR_RDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_RDN, type.bv_len ) == 0 ) { if ( NULL == slapi_entry_get_rdn_const( e )) { slapi_entry_set_rdn( e, value.bv_val ); } 
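Review bot: The added `type.bv_len == ..._LENGTH` guards carry no comment explaining why they are needed, so a later cleanup could remove them as redundant. A count of 0 makes PL_strncasecmp compare nothing and report a match, and presumably any type that is only a prefix of the constant matched too. A one-line comment above the dn test would record this, e.g. `/* length must match exactly: PL_strncasecmp() with n == 0 returns 0 */`. The same guard is repeated for rdn in the next hunk and for entrydn and uniqueid in the @@ -387 hunk, so a small static helper taking the berval and the constant would state the rule once. str2entry_fast starts and ends outside these hunks.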
@@ -387,13 +387,13 @@ str2entry_fast( const char *rawdn, const Slapi_RDN *srdn, char *s, int flags, in /* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */ if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) && - PL_strncasecmp( type.bv_val, "entrydn", type.bv_len ) == 0 ) { + type.bv_len == SLAPI_ATTR_ENTRYDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_ENTRYDN, type.bv_len ) == 0 ) { if (freeval) slapi_ch_free_string(&value.bv_val); continue; } /* retrieve uniqueid */ - if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){ + if ( type.bv_len == SLAPI_ATTR_UNIQUEID_LENGTH && PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){ if (e->e_uniqueid != NULL){ LDAPDebug (LDAP_DEBUG_TRACE, @@ -411,10 +411,11 @@ str2entry_fast( const char *rawdn, const Slapi_RDN *srdn, char *s, int flags, in continue; } - if (PL_strncasecmp(type.bv_val,"objectclass",type.bv_len) == 0) { - if (PL_strncasecmp(value.bv_val,"ldapsubentry",value.bv_len) == 0) + if (value_state == VALUE_PRESENT && type.bv_len >= SLAPI_ATTR_OBJECTCLASS_LENGTH + && PL_strncasecmp(type.bv_val, SLAPI_ATTR_OBJECTCLASS, type.bv_len) == 0) { + if (value.bv_len >= SLAPI_ATTR_VALUE_SUBENTRY_LENGTH && PL_strncasecmp(value.bv_val,SLAPI_ATTR_VALUE_SUBENTRY,value.bv_len) == 0) e->e_flags |= SLAPI_ENTRY_LDAPSUBENTRY; - if (PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0) + if (value.bv_len >= SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH && PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0) e->e_flags |= SLAPI_ENTRY_FLAG_TOMBSTONE; } diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index d456af8..d8cfe33 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h 
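Review bot: The objectclass branch in the @@ -411 hunk guards with `>=` but still passes the full `type.bv_len` / `value.bv_len` as the compare count, unlike the `==` used for dn, rdn, entrydn and uniqueid. For an input longer than the constant, a match then depends on the byte just past the constant's length being NUL, so the test is not an exact-length comparison of the berval. Since SLAPI_ENTRY_LDAPSUBENTRY and SLAPI_ENTRY_FLAG_TOMBSTONE are the flags this ticket is about, the value tests look like they should be exact: `if (value.bv_len == SLAPI_ATTR_VALUE_SUBENTRY_LENGTH && PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_SUBENTRY, value.bv_len) == 0)`, and likewise for the tombstone line. If `>=` on the type is deliberate (presumably because `type.bv_len` still counts a `;vdcsn-...;deleted` suffix), a comment should say so. str2entry_fast begins and ends outside this hunk.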
@@ -395,9 +395,22 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
 #define SLAPI_ATTR_OBJECTCLASS "objectclass"
 #define SLAPI_ATTR_VALUE_TOMBSTONE "nsTombstone"
 #define SLAPI_ATTR_VALUE_PARENT_UNIQUEID "nsParentUniqueID"
+#define SLAPI_ATTR_VALUE_SUBENTRY "ldapsubentry"
 #define SLAPI_ATTR_NSCP_ENTRYDN "nscpEntryDN"
 #define SLAPI_ATTR_ENTRYUSN "entryusn"
-#define SLAPI_ATTR_ENTRYDN "entrydn"
+#define SLAPI_ATTR_ENTRYDN "entrydn"
+#define SLAPI_ATTR_DN "dn"
+#define SLAPI_ATTR_RDN "rdn"
+#define SLAPI_ATTR_UNIQUEID_LENGTH 10
+#define SLAPI_ATTR_OBJECTCLASS_LENGTH 11
+#define SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH 11
+#define SLAPI_ATTR_VALUE_PARENT_UNIQUEID_LENGTH 16
+#define SLAPI_ATTR_VALUE_SUBENTRY_LENGTH 12
+#define SLAPI_ATTR_NSCP_ENTRYDN_LENGTH 11
+#define SLAPI_ATTR_ENTRYUSN_LENGTH 8
+#define SLAPI_ATTR_ENTRYDN_LENGTH 7
+#define SLAPI_ATTR_DN_LENGTH 2
+#define SLAPI_ATTR_RDN_LENGTH 3
 /* opaque structures */
-- 
1.8.1.4
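Review bot: The new `*_LENGTH` constants are hand-counted literals kept beside the strings they measure, so changing a string without its length would silently break the `bv_len ==` and `bv_len >=` guards in entry.c that depend on them. Deriving each length from its string keeps the pair in step, e.g. `#define SLAPI_ATTR_DN_LENGTH (sizeof(SLAPI_ATTR_DN) - 1)`. The nine lengths whose strings are visible in this hunk match their literals. `SLAPI_ATTR_UNIQUEID` is defined outside the hunk, so its value of 10 cannot be checked from here.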