--- servers/slapd/acl.c	2002/01/08 16:26:48	1.27.2.18
+++ servers/slapd/acl.c	2002/01/14 16:47:39	1.27.2.19
@@ -1,5 +1,5 @@
 /* acl.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.27.2.17 2002/01/04 20:38:25 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.27.2.18 2002/01/08 16:26:48 kurt Exp $ */
 /*
  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -899,10 +899,20 @@ acl_check_modlist(
 
 		switch ( mlist->sml_op ) {
 		case LDAP_MOD_REPLACE:
-		case LDAP_MOD_ADD:
 			if ( mlist->sml_bvalues == NULL ) {
+				if ( ! access_allowed( be, conn, op, e,
+					mlist->sml_desc, NULL, ACL_WRITE ) )
+				{
+					return( 0 );
+				}
 				break;
 			}
+
+			/* fall thru */
+
+		case LDAP_MOD_ADD:
+			assert( mlist->sml_bvalues != NULL );
+
 			for ( i = 0; mlist->sml_bvalues[i] != NULL; i++ ) {
 				if ( ! access_allowed( be, conn, op, e,
 					mlist->sml_desc, mlist->sml_bvalues[i], ACL_WRITE ) )
@@ -929,6 +939,10 @@ acl_check_modlist(
 				}
 			}
 			break;
+
+		default:
+			assert( 0 );
+			return( 0 );
 		}
 	}