diff options
author | Rich Megginson <rmeggins@redhat.com> | 2007-10-19 15:36:01 +0000 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2007-10-19 15:36:01 +0000 |
commit | 84adaec98d576be54fdbe510a0863f0f1e9be89e (patch) | |
tree | 55a1e0d4dd1b151329d906abb4385241936b04e9 /ldap/servers/plugins/acl/acllas.c | |
parent | f1a636b3c5074b4a6ea64f75cd2dc21a6167941d (diff) | |
download | ds-84adaec98d576be54fdbe510a0863f0f1e9be89e.tar.gz ds-84adaec98d576be54fdbe510a0863f0f1e9be89e.tar.xz ds-84adaec98d576be54fdbe510a0863f0f1e9be89e.zip |
Resolves: bug 297221
Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: supplemental
Fix Description: In some cases, it is ok if the filter is NULL. So just allow NULL in those cases. slapi_str2filter must take either NULL or a writable string, so make sure we pass those in correctly.
Diffstat (limited to 'ldap/servers/plugins/acl/acllas.c')
-rw-r--r-- | ldap/servers/plugins/acl/acllas.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c index 8eedc998..1b04215c 100644 --- a/ldap/servers/plugins/acl/acllas.c +++ b/ldap/servers/plugins/acl/acllas.c @@ -3027,7 +3027,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url /* Convert the filter string */ f = slapi_str2filter ( ludp->lud_filter ); - if (f == NULL) { /* bogus filter */ + if (ludp->lud_filter && (f == NULL)) { /* bogus filter */ slapi_log_error(SLAPI_LOG_FATAL, plugin_name, "DS_LASUserAttrEval: The member URL search filter in entry [%s] is not valid: [%s]\n", n_clientdn, ludp->lud_filter); @@ -3036,8 +3036,8 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url } rc = ACL_TRUE; - if (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock, - aclpb->aclpb_client_entry, f, 0 /* no acces chk */ )) + if (f && (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock, + aclpb->aclpb_client_entry, f, 0 /* no acces chk */ ))) rc = ACL_FALSE; ldap_free_urldesc( ludp ); @@ -3843,6 +3843,8 @@ static int acllas_eval_one_target_filter( char * str, Slapi_Entry *e) { int rc = ACL_FALSE; Slapi_Filter *f = NULL; + PR_ASSERT(str); + if ((f = slapi_str2filter(str)) == NULL) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, "Warning: Bad targetfilter(%s) in aci: does not match\n", str); |