[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_result2error, ldap_parse_result



There are several problems in libldap/error.c, mainly in ldap_parse_result.
For one, it stores the server's error code in a local variable errcode.
However, it returns ld->ld_errno through *errcodep, *before* it has copied
errcode to ld->ld_errno. This is obviously a bug. Also, if the server
actually did return an error, i.e., errcode != LDAP_SUCCESS, it *never*
returns that error through *errcodep. And finally, assuming the previous
problems were resolved correctly, the server's error code would get
overwritten with LDAP_MORE_RESULTS_TO_RETURN if there are more messages
present in the result chain.

Here's the part I'm uncertain about: The API draft only specifies that the
first result message in a chain will get parsed - why are we even
bothering to look for more results and giving the
LDAP_MORE_RESULTS_TO_RETURN return code? I think we should omit this bit of
code. Otherwise, sequences like the following, which appear all over
clients/tools:
  if (( rc = ldap_result2error( ld, res, 0 )) != LDAP_SUCCESS ) {
        ldap_perror( ld, "ldap_search" );
  }
will print the wrong message. I.e., if we fix all the other bugs,
ldap_result2error (which is now just a wrapper for ldap_parse_result)will
return the correct server error code, but that code will no longer be in the
ldap handle, and ldap_perror will just say "more results to return" ...