
Patch: Very buggy slapd/saslauthz.c:slap_parseURI() (ITS#1681)

Full_Name: Hallvard B. Furuseth
Version: 2.1.0alpha
OS: Linux
URL: http://folk.uio.no/hbf/OpenLDAP/parseURI.txt
Submission from: (NULL) (

slap_parseURI() does not handle defaulted scope (== base) when there
is a filter, nor a scope not followed by a filter, nor extensions
after the filter.  It assumes wrongly that dnNormalize2(,&bv,) does
not use bv.bv_len.  It returns LDAP_INVALID_SYNTAX for "ldap://host/"
(i.e. empty base without a following '?') instead of LDAP_SUCCESS
which is returned if there is a '?'.  It does not detect bad filters.
Finally, *scope receives -1 instead of LDAP_SCOPE_BASE for URLs of
the forms "ldap://host/dn" and "ldap://host/dn?".

Here is a fix, though I don't know why you don't just use
ldap_url_parse() + dnNormalize2() instead.

It has been tested as a stand-alone routine, but not in slapd (except
for a simple 'make test').