[Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acllas.c, 1.5, 1.5.2.1 aclanom.c, 1.5, 1.5.2.1
Noriko Hosoi (nhosoi)
fedora-directory-commits at redhat.com
Fri Dec 21 00:03:48 UTC 2007
- Previous message (by thread): [Fedora-directory-commits] ldapserver configure.ac, 1.44, 1.45 aclocal.m4, 1.60, 1.61 configure, 1.77, 1.78 missing, 1.45, 1.46 install-sh, 1.45, 1.46 compile, 1.44, 1.45 depcomp, 1.45, 1.46 Makefile.in, 1.81, 1.82 config.sub, 1.44, 1.45 config.guess, 1.44, 1.45
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/plugins/statechange statechange.c, 1.5, 1.5.2.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24843/plugins/acl
Modified Files:
Tag: Directory71RtmBranch
acllas.c aclanom.c
Log Message:
Resolves: #297221
Summary: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Note: applying the fixes in HEAD to Directory71RtmBranch
Index: acllas.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acllas.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- acllas.c 19 Apr 2005 22:07:28 -0000 1.5
+++ acllas.c 21 Dec 2007 00:03:45 -0000 1.5.2.1
@@ -3027,9 +3027,17 @@
/* Convert the filter string */
f = slapi_str2filter ( ludp->lud_filter );
+ if (ludp->lud_filter && (f == NULL)) { /* bogus filter */
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
+ "DS_LASUserAttrEval: The member URL search filter in entry [%s] is not valid: [%s]\n",
+ n_clientdn, ludp->lud_filter);
+ ldap_free_urldesc( ludp );
+ return ACL_FALSE;
+ }
+
rc = ACL_TRUE;
- if (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock,
- aclpb->aclpb_client_entry, f, 0 /* no acces chk */ ))
+ if (f && (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock,
+ aclpb->aclpb_client_entry, f, 0 /* no acces chk */ )))
rc = ACL_FALSE;
ldap_free_urldesc( ludp );
@@ -3844,6 +3852,8 @@
int rc = ACL_FALSE;
Slapi_Filter *f = NULL;
+ PR_ASSERT(str);
+
if ((f = slapi_str2filter(str)) == NULL) {
slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
"Warning: Bad targetfilter(%s) in aci: does not match\n", str);
Index: aclanom.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclanom.c,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- aclanom.c 19 Apr 2005 22:07:28 -0000 1.5
+++ aclanom.c 21 Dec 2007 00:03:45 -0000 1.5.2.1
@@ -233,8 +233,16 @@
}
a_profile->anom_targetinfo[a_numacl].anom_filter = NULL;
- if ( aci->targetFilterStr )
+ if ( aci->targetFilterStr ) {
a_profile->anom_targetinfo[a_numacl].anom_filter = slapi_str2filter ( aci->targetFilterStr );
+ if (NULL == a_profile->anom_targetinfo[a_numacl].anom_filter) {
+ const char *dn = slapi_sdn_get_dn ( aci->aci_sdn );
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
+ "Error: invalid filter [%s] in anonymous aci in entry [%s]\n",
+ aci->targetFilterStr, dn);
+ goto cleanup;
+ }
+ }
i = 0;
srcattrArray = aci->targetAttr;
- Previous message (by thread): [Fedora-directory-commits] ldapserver configure.ac, 1.44, 1.45 aclocal.m4, 1.60, 1.61 configure, 1.77, 1.78 missing, 1.45, 1.46 install-sh, 1.45, 1.46 compile, 1.44, 1.45 depcomp, 1.45, 1.46 Makefile.in, 1.81, 1.82 config.sub, 1.44, 1.45 config.guess, 1.44, 1.45
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/plugins/statechange statechange.c, 1.5, 1.5.2.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list