[Pki-devel] Please Review: (Ticket 209)TPS token enrollment causes DS syntax violations
Ade Lee
alee at redhat.com
Thu Jan 17 03:08:02 UTC 2013
On Fri, 2013-01-11 at 14:19 -0800, Nathan Kinder wrote:
> https://fedorahosted.org/pki/ticket/209
>
> https://fedorahosted.org/pki/attachment/ticket/209/0001-Ticket-209-TPS-token-enrollment-causes-DS-syntax-vio.patch
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
Th patch itself looks fine. It looks like its doing what is advertised.
I have a question, though, about the effects of this patch.
Prior to this patch, if DS syntax checking were turned off, then a
number of attributes could be stored in the TPS data records with a
value of "". Now, when these records are accessed - either for
processing or display in the UI, the values are usually returned with
various function calls that ultimately call something like:
char *get_cert_attr_byname(LDAPMessage *entry, const char *name)
This would return "" for an empty attribute, but presumably would return
NULL now that the attribute does not exist in the record. Have you
looked at all the places where these parameters are queried, and made
sure that we handle the NULL return correctly?
Ade
More information about the Pki-devel
mailing list