[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8574) bconfig support for DNs that need escaping



okuznik@symas.com wrote:
> Full_Name: Ondrej Kuznik
> Version: master
> OS:
> URL: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170125-Deal-with-rDN-correctly.patch
> Submission from: (NULL) (151.228.185.198)
>
>
> When an rdn under cn=config needs escaping, incorrect value gets passed to the
> attribute and, if the attribute is single-value, the entry is rejected by
> entry_naming_check().
>
> Patch against master is attached.

Why are you running the normalizer in a for-loop:

+ for ( cnt = 0; rDN[cnt]; cnt++ ) {

but always setting value #0?

+		free( a->a_vals[0].bv_val );
+		ber_dupbv( &a->a_vals[0], &ava->la_value );

If the RDN is actually a compound with multiple AVAs you need to concatenate 
them into a single value. Otherwise, if you don't intend to support compound 
RDNs, there's no point in using a for-loop. Just return an error if there's 
more than one AVA.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/