[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5751) undefined value in slapo-constraint with bad filter

hyc@symas.com wrote:
> h.b.furuseth@usit.uio.no wrote:
>> Full_Name: Hallvard B Furuseth
>> Version: HEAD, RE24
>> OS:
>> URL:
>> Submission from: (NULL) (
>> Submitted by: hallvard
>> overlays/constraint.c:constraint_violation() uses and maybe returns an
>> undefined value in 'rc' if the filter is bad (nop.ors_filter == NULL).
>> I have no idea what rc should be in this case.
>> Introduced in constraint.c 1.18 (OpenLDAP 2.4.12).
> Probably should just set rc=LDAP_SUCCESS in this case. The constraint is 
> invalid, so it cannot be violated.

Hmm, I'd prefer a strong indication that the constraint is invalid.

If it can be proven that the filter is bad slapo-constraint should
probably stop during startup with an appropriate message. Otherwise
returning constraintViolation would be appropriate either since the LDAP
client fails then and it makes admins search for the cause of it.

Ciao, Michael.