[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: segfault in ldap_back_search() with ENABLE_REWRITE (ITS#2825)

> Pierangelo Masarati wrote:
>>I suggest this patch for OPENLDAP_REL_ENG_2_1 and next 2.1 release.
> Why do you say that it should not happen ??
> Is it not allowed to do SASL bind on subordinate back-ldap ?  Am I doing
>  something wrong ?

In my opinion, an empty DN is represented by a berval
with 0 length pointing to a "".  Everything else is wrong.
Besides, it's unclear to me what a base has to do with
sasl auth{c|z}

> What about filterstr ? it too is passed as NULL by slap_sasl2dn() and
> derefenenced unconditionally.

where?  In any case, one of the reasons of using bervals
instead of char*s was exactly to avoid having to check for
NULL pointers and calling strlen() all the times.  Now
all struct berval*s should be assert()ed, and a null
berval'ed field should be tested as bv->bv_val == NULL while
an empty one should be tested as bv->bv_len != 0.  In my
opinion, a NULL base is totally meaningless; an empty base
makes sense.


Pierangelo Masarati