[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7762) ldap_dn2bv_x misbehaves for "empty" dn

Full_Name: Marc Schmitzer
Version: 2.4.28
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

The ldap_dn2bv_x function misbehaves for the LDAPV2 and LDAPV3 formats when it
is passed an "empty" DN in the form of an LDAPRDN-array whose first element is
NULL. The "len" variable remains zero throughout the function, as no RDNS are
processed. Finally, the bv_len member of the output struct berval is set to
len-1. The result is a berval with bv_len = UINT_MAX.

Tested with 2.4.28, but the problem appears to present in the current git master
as well.

The following code snippet demonstrates the problem:

#include <stdio.h>
#include <ldap.h>

int main(int argc, char** argv)
  LDAPRDN dn[1] = { NULL };
  struct berval bv = { 0, NULL };
  int res = ldap_dn2bv(dn, &bv, LDAP_DN_FORMAT_LDAPV3);
  printf("res: %d\n", res);
  printf("len: %u\n", (unsigned int) bv.bv_len);

  return 0;

res: 0
len: 4294967295