summaryrefslogtreecommitdiffstats
path: root/ldap/servers/slapd
diff options
context:
space:
mode:
authorRich Megginson <rmeggins@redhat.com>2006-04-11 02:14:54 +0000
committerRich Megginson <rmeggins@redhat.com>2006-04-11 02:14:54 +0000
commite8c67e58c2faa3e3f5d328a92391a5a6a4569620 (patch)
tree7e16092b4dfb0106f446bb6a79552004399f7155 /ldap/servers/slapd
parent9545e36805201ac0e3172b762373c6df741c2721 (diff)
downloadds-e8c67e58c2faa3e3f5d328a92391a5a6a4569620.tar.gz
ds-e8c67e58c2faa3e3f5d328a92391a5a6a4569620.tar.xz
ds-e8c67e58c2faa3e3f5d328a92391a5a6a4569620.zip
Bug(s) fixed: 186280
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code Reviewed by: Nathan, Noriko, and Pete (Thanks!) Fix Description: Clean up usage of sprintf, strcpy, fgets instead of gets, fixed buffer usage, etc., mostly in the CGI code and other user facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick to force it to check printf style varargs functions, to check the format string against the argument string, for type mismatches, missing arguments, and too many arguments. In the CGI form argument parsing code, we needed to be more careful about checking for bad input - good input is supposed to look like this: name=value&name=value&..... &name=value. I don't think the original code was checking properly for something like name&name=value. There was another place where we were not checking to see if a buffer had enough room before appending a string to it. I had to change a couple of functions to allow passing in the size of the buffer. Fixed some issues raised by Noriko and Nathan. Platforms tested: RHEL4 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none
Diffstat (limited to 'ldap/servers/slapd')
-rw-r--r--ldap/servers/slapd/abandon.c2
-rw-r--r--ldap/servers/slapd/auth.c2
-rw-r--r--ldap/servers/slapd/back-ldbm/archive.c6
-rw-r--r--ldap/servers/slapd/back-ldbm/dbhelp.c2
-rw-r--r--ldap/servers/slapd/back-ldbm/dllmain.c1
-rw-r--r--ldap/servers/slapd/back-ldbm/import-merge.c3
-rw-r--r--ldap/servers/slapd/back-ldbm/import.h8
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c2
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_config.c4
-rw-r--r--ldap/servers/slapd/back-ldbm/ldif2ldbm.c4
-rw-r--r--ldap/servers/slapd/back-ldif/dllmain.c1
-rw-r--r--ldap/servers/slapd/csn.c3
-rw-r--r--ldap/servers/slapd/csngen.c10
-rw-r--r--ldap/servers/slapd/daemon.c2
-rw-r--r--ldap/servers/slapd/eventq.c8
-rw-r--r--ldap/servers/slapd/filter.c4
-rw-r--r--ldap/servers/slapd/log.c2
-rw-r--r--ldap/servers/slapd/proto-slap.h8
-rw-r--r--ldap/servers/slapd/resourcelimit.c2
-rw-r--r--ldap/servers/slapd/result.c12
-rw-r--r--ldap/servers/slapd/schema.c10
-rw-r--r--ldap/servers/slapd/slapi-plugin.h7
-rw-r--r--ldap/servers/slapd/slapi-private.h15
-rw-r--r--ldap/servers/slapd/tools/ldclt/ldclt.c2
-rw-r--r--ldap/servers/slapd/tools/ldclt/repcheck.c6
-rw-r--r--ldap/servers/slapd/tools/ldclt/repslave.c5
-rw-r--r--ldap/servers/slapd/tools/migratecred.c3
-rw-r--r--ldap/servers/slapd/tools/pwenc.c2
28 files changed, 92 insertions, 44 deletions
diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
index a87a5d07..278455c5 100644
--- a/ldap/servers/slapd/abandon.c
+++ b/ldap/servers/slapd/abandon.c
@@ -158,7 +158,7 @@ do_abandon( Slapi_PBlock *pb )
pb->pb_conn->c_connid, pb->pb_op->o_opid, id );
} else {
slapi_log_access( LDAP_DEBUG_STATS, "conn=%d op=%d ABANDON"
- " targetop=%d msgid=%d nentries=%d etime=%d\n",
+ " targetop=%d msgid=%d nentries=%d etime=%ld\n",
pb->pb_conn->c_connid, pb->pb_op->o_opid, o->o_opid, id,
o->o_results.r.r_search.nentries, current_time() - o->o_time );
diff --git a/ldap/servers/slapd/auth.c b/ldap/servers/slapd/auth.c
index ccd2bf05..56fa517e 100644
--- a/ldap/servers/slapd/auth.c
+++ b/ldap/servers/slapd/auth.c
@@ -445,7 +445,7 @@ handle_handshake_done (PRFileDesc *prfd, void* clientData)
!= SECSuccess) {
PRErrorCode errorCode = PR_GetError();
slapi_log_access (LDAP_DEBUG_STATS,
- "conn=%d SSL failed to obtain cipher info; ",
+ "conn=%d SSL failed to obtain cipher info; "
SLAPI_COMPONENT_NAME_NSPR " error %i (%s)\n",
conn->c_connid, errorCode, slapd_pr_strerror(errorCode));
return;
diff --git a/ldap/servers/slapd/back-ldbm/archive.c b/ldap/servers/slapd/back-ldbm/archive.c
index 8050e393..cb317b52 100644
--- a/ldap/servers/slapd/back-ldbm/archive.c
+++ b/ldap/servers/slapd/back-ldbm/archive.c
@@ -207,7 +207,7 @@ int ldbm_back_archive2ldbm( Slapi_PBlock *pb )
c = *p;
*p = '\0';
}
- bakup_dir = slapi_ch_smprintf("%s%ctmp_%010d", directory, c, time(0));
+ bakup_dir = slapi_ch_smprintf("%s%ctmp_%010ld", directory, c, time(0));
LDAPDebug( LDAP_DEBUG_ANY,
"archive2db: backup dir: %s\n", bakup_dir, 0, 0);
*p = c;
@@ -315,10 +315,10 @@ int ldbm_back_ldbm2archive( Slapi_PBlock *pb )
if (task) {
slapi_task_log_notice(task,
"Failed to rename \"%s\" to \"%s\".",
- directory, dir_bak, 0);
+ directory, dir_bak);
slapi_task_log_notice(task,
SLAPI_COMPONENT_NAME_NSPR " error %d (%s)",
- prerr, slapd_pr_strerror(prerr), 0);
+ prerr, slapd_pr_strerror(prerr));
}
return_value = -1;
goto out;
diff --git a/ldap/servers/slapd/back-ldbm/dbhelp.c b/ldap/servers/slapd/back-ldbm/dbhelp.c
index 5ad59e84..29f2d284 100644
--- a/ldap/servers/slapd/back-ldbm/dbhelp.c
+++ b/ldap/servers/slapd/back-ldbm/dbhelp.c
@@ -51,7 +51,7 @@ static int dblayer_copy_file_keybykey(DB_ENV *env, char *source_file_name, char
DB *source_file = NULL;
DB *destination_file = NULL;
DBC *source_cursor = NULL;
- int dbtype = 0;
+ DBTYPE dbtype = 0;
int dbflags = 0;
int dbpagesize = 0;
int cursor_flag = 0;
diff --git a/ldap/servers/slapd/back-ldbm/dllmain.c b/ldap/servers/slapd/back-ldbm/dllmain.c
index 187f78b8..47d3ce56 100644
--- a/ldap/servers/slapd/back-ldbm/dllmain.c
+++ b/ldap/servers/slapd/back-ldbm/dllmain.c
@@ -136,6 +136,7 @@ void LDAPDebug( int level, char* fmt, ... )
va_list ap;
va_start (ap, fmt);
_snprintf (debugBuf, sizeof(debugBuf), fmt, ap);
+ debugBuf[sizeof(debugBuf)-1] = 0;
va_end (ap);
OutputDebugString (debugBuf);
diff --git a/ldap/servers/slapd/back-ldbm/import-merge.c b/ldap/servers/slapd/back-ldbm/import-merge.c
index e5f817e7..bed6a9b6 100644
--- a/ldap/servers/slapd/back-ldbm/import-merge.c
+++ b/ldap/servers/slapd/back-ldbm/import-merge.c
@@ -654,8 +654,7 @@ int import_mega_merge(ImportJob *job)
int passes = job->current_pass;
if (1 == job->number_indexers) {
- import_log_notice(job, "Beginning %d-way merge of one file...", passes,
- job->number_indexers);
+ import_log_notice(job, "Beginning %d-way merge of one file...", passes);
} else {
import_log_notice(job, "Beginning %d-way merge of up to %lu files...",
passes, job->number_indexers);
diff --git a/ldap/servers/slapd/back-ldbm/import.h b/ldap/servers/slapd/back-ldbm/import.h
index f0398deb..72dbd495 100644
--- a/ldap/servers/slapd/back-ldbm/import.h
+++ b/ldap/servers/slapd/back-ldbm/import.h
@@ -203,7 +203,13 @@ struct _import_worker_info {
/* import.c */
FifoItem *import_fifo_fetch(ImportJob *job, ID id, int worker, int shift);
void import_free_job(ImportJob *job);
-void import_log_notice(ImportJob *job, char *format, ...);
+void import_log_notice(ImportJob *job, char *format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)));
+#else
+ ;
+#endif
+
void import_abort_all(ImportJob *job, int wait_for_them);
int import_entry_belongs_here(Slapi_Entry *e, backend *be);
int import_make_merge_filenames(char *directory, char *indexname, int pass,
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
index fa94025b..626df177 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
@@ -199,7 +199,7 @@ attrcrypt_keymgmt_store_key(ldbm_instance *li, attrcrypt_cipher_state *acs, SECK
key_as_berval.bv_len = wrapped_symmetric_key.len;
key_value = slapi_value_new_berval(&key_as_berval);
/* key_value is now a copy of key_as_berval - free wrapped_symmetric_key */
- slapi_ch_free(&wrapped_symmetric_key.data);
+ slapi_ch_free_string((char **)&wrapped_symmetric_key.data);
slapi_entry_add_value(e, KEY_ATTRIBUTE_NAME, key_value);
slapi_value_free(&key_value);
/* Store the entry */
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c b/ldap/servers/slapd/back-ldbm/ldbm_config.c
index 7f27b47a..169d8e29 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
@@ -1371,6 +1371,7 @@ int ldbm_config_load_dse_info(struct ldbminfo *li)
void ldbm_config_get(void *arg, config_info *config, char *buf)
{
char *tmp_string;
+ size_t val = 0;
if (config == NULL) {
buf[0] = '\0';
@@ -1387,7 +1388,8 @@ void ldbm_config_get(void *arg, config_info *config, char *buf)
sprintf(buf, "%ld", (long) config->config_get_fn(arg));
break;
case CONFIG_TYPE_SIZE_T:
- sprintf(buf, "%lu", (size_t) config->config_get_fn(arg));
+ val = (size_t) config->config_get_fn(arg);
+ sprintf(buf, "%lu", val);
break;
case CONFIG_TYPE_STRING:
/* Remember the get function for strings returns memory
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index 13c8ad89..07aa3e58 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -1307,7 +1307,7 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
if (NULL == inst) {
if (task) {
slapi_task_log_notice(task, "Unknown ldbm instance %s",
- instance_name, 0, 0);
+ instance_name);
}
LDAPDebug(LDAP_DEBUG_ANY, "Unknown ldbm instance %s\n",
instance_name, 0, 0);
@@ -2081,7 +2081,7 @@ int ldbm_back_upgradedb(Slapi_PBlock *pb)
{
time_t tm = time(0); /* long */
- char *tmpname = slapi_ch_smprintf("%s/%d", dest_dir, tm);
+ char *tmpname = slapi_ch_smprintf("%s/%ld", dest_dir, tm);
dest_dir = tmpname;
}
else /* not a directory */
diff --git a/ldap/servers/slapd/back-ldif/dllmain.c b/ldap/servers/slapd/back-ldif/dllmain.c
index 9dc45e74..29942f99 100644
--- a/ldap/servers/slapd/back-ldif/dllmain.c
+++ b/ldap/servers/slapd/back-ldif/dllmain.c
@@ -140,6 +140,7 @@ void LDAPDebug( int level, char* fmt, ... )
va_list ap;
va_start (ap, fmt);
_snprintf (debugBuf, sizeof(debugBuf), fmt, ap);
+ debugBuf[sizeof(debugBuf)-1] = 0;
va_end (ap);
OutputDebugString (debugBuf);
diff --git a/ldap/servers/slapd/csn.c b/ldap/servers/slapd/csn.c
index ecabfc4b..7c517048 100644
--- a/ldap/servers/slapd/csn.c
+++ b/ldap/servers/slapd/csn.c
@@ -372,11 +372,12 @@ csn_max(const CSN *csn1,const CSN *csn2)
int csn_increment_subsequence (CSN *csn)
{
+ PRUint16 maxsubseq = (PRUint16)0xFFFFFFFF;
if (csn == NULL)
{
return -1;
}
- else if (csn->subseqnum == 0xFFFFFFFF)
+ else if (csn->subseqnum == maxsubseq)
{
slapi_log_error(SLAPI_LOG_FATAL, NULL,
"csn_increment_subsequence: subsequence overflow\n");
diff --git a/ldap/servers/slapd/csngen.c b/ldap/servers/slapd/csngen.c
index dc45da22..9716d3b2 100644
--- a/ldap/servers/slapd/csngen.c
+++ b/ldap/servers/slapd/csngen.c
@@ -338,8 +338,8 @@ int csngen_adjust_time (CSNGen *gen, const CSN* csn)
else /* remote_offset > CSN_MAX_TIME_ADJUST */
{
slapi_log_error (SLAPI_LOG_FATAL, NULL, "csngen_adjust_time: "
- "adjustment limit exceeded; value - %d, limit - %d\n",
- remote_offset, CSN_MAX_TIME_ADJUST);
+ "adjustment limit exceeded; value - %ld, limit - %ld\n",
+ remote_offset, (long)CSN_MAX_TIME_ADJUST);
PR_RWLock_Unlock (gen->lock);
return CSN_LIMIT_EXCEEDED;
}
@@ -427,9 +427,9 @@ void csngen_dump_state (const CSNGen *gen)
PR_RWLock_Rlock (gen->lock);
slapi_log_error(SLAPI_LOG_FATAL, NULL, "CSN generator's state:\n");
slapi_log_error(SLAPI_LOG_FATAL, NULL, "\treplica id: %d\n", gen->state.rid);
- slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tsampled time: %d\n", gen->state.sampled_time);
- slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tlocal offset: %d\n", gen->state.local_offset);
- slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tremote offset: %d\n", gen->state.remote_offset);
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tsampled time: %ld\n", gen->state.sampled_time);
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tlocal offset: %ld\n", gen->state.local_offset);
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tremote offset: %ld\n", gen->state.remote_offset);
slapi_log_error(SLAPI_LOG_FATAL, NULL, "\tsequence number: %d\n", gen->state.seq_num);
PR_RWLock_Unlock (gen->lock);
}
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 1f3de4f9..1fe82b77 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -2588,7 +2588,7 @@ int configure_pr_socket( PRFileDesc **pr_socket, int secure )
if ( NULL == nspr_layer_fd ) {
slapi_log_error( SLAPI_LOG_FATAL, "configure_pr_socket",
"Unable to move socket file descriptor %d above %d:"
- " PR_GetIdentitiesLayer( 0x%x, PR_NSPR_IO_LAYER )"
+ " PR_GetIdentitiesLayer( %p, PR_NSPR_IO_LAYER )"
" failed\n", ns, reservedescriptors, *pr_socket );
close( newfd ); /* can't fix things up in NSPR -- close copy */
} else {
diff --git a/ldap/servers/slapd/eventq.c b/ldap/servers/slapd/eventq.c
index ca7ab67b..8909e074 100644
--- a/ldap/servers/slapd/eventq.c
+++ b/ldap/servers/slapd/eventq.c
@@ -143,7 +143,7 @@ slapi_eq_once(slapi_eq_fn_t fn, void *arg, time_t when)
/* scheduling. Too bad */
slapi_log_error(SLAPI_LOG_HOUSE, NULL,
- "added one-time event id 0x%x at time %u\n",
+ "added one-time event id %p at time %ld\n",
id, when);
return(id);
}
@@ -175,7 +175,7 @@ slapi_eq_repeat(slapi_eq_fn_t fn, void *arg, time_t when, unsigned long interval
tmp = eq_new(fn, arg, when, interval);
eq_enqueue(tmp);
slapi_log_error(SLAPI_LOG_HOUSE, NULL,
- "added repeating event id 0x%x at time %u, interval %u\n",
+ "added repeating event id %p at time %ld, interval %lu\n",
tmp->ec_id, when, interval);
return(tmp->ec_id);
}
@@ -212,7 +212,7 @@ slapi_eq_cancel(Slapi_Eq_Context ctx)
PR_Unlock(eq->eq_lock);
}
slapi_log_error(SLAPI_LOG_HOUSE, NULL,
- "cancellation of event id 0x%x requested: %s\n",
+ "cancellation of event id %p requested: %s\n",
ctx, found ? "cancellation succeeded" : "event not found");
return found;
}
@@ -306,7 +306,7 @@ eq_call_all()
/* Call the scheduled function */
p->ec_fn(p->ec_when, p->ec_arg);
slapi_log_error(SLAPI_LOG_HOUSE, NULL,
- "Event id 0x%x called at %u (scheduled for %u)\n",
+ "Event id %p called at %ld (scheduled for %ld)\n",
p->ec_id, current_time(), p->ec_when);
if (0UL != p->ec_interval) {
/* This is a repeating event. Requeue it. */
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index eb2a4056..605333c8 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -100,14 +100,14 @@ get_filter( Connection *conn, BerElement *ber, int scope,
logbuf = slapi_ch_malloc(logbufsize);
*logbuf = '\0';
slapi_log_error( SLAPI_LOG_FATAL, "get_filter", "before optimize: %s\n",
- slapi_filter_to_string(*filt, logbuf, logbufsize), 0, 0 );
+ slapi_filter_to_string(*filt, logbuf, logbufsize));
}
filter_optimize(*filt);
if (NULL != logbuf) {
slapi_log_error( SLAPI_LOG_FATAL, "get_filter", " after optimize: %s\n",
- slapi_filter_to_string(*filt, logbuf, logbufsize), 0, 0 );
+ slapi_filter_to_string(*filt, logbuf, logbufsize));
slapi_ch_free_string( &logbuf );
}
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index 022a126c..664c6d83 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -2269,7 +2269,7 @@ log_rotate:
"LOGINFO:End of Log because size exceeded(Max:%d bytes) (Is:%d bytes)\n", maxlogsize, f_size, 0);
} else if ( type == LOG_EXPIRED) {
LDAPDebug(LDAP_DEBUG_TRACE,
- "LOGINFO:End of Log because time exceeded(Max:%d secs) (Is:%d secs)\n",
+ "LOGINFO:End of Log because time exceeded(Max:%d secs) (Is:%ld secs)\n",
rotationtime_secs, curr_time - log_createtime,0);
}
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 30f88b5c..e150a003 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -557,7 +557,13 @@ int lock_fclose( FILE *fp, FILE *lfp );
* log.c
*/
int slapd_log_error_proc( char *subsystem, char *fmt, ... );
-int slapi_log_access( int level, char *fmt, ... );
+
+int slapi_log_access( int level, char *fmt, ... )
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)));
+#else
+ ;
+#endif
int slapd_log_audit_proc(char *buffer, int buf_len);
void log_access_flush();
diff --git a/ldap/servers/slapd/resourcelimit.c b/ldap/servers/slapd/resourcelimit.c
index a73b0211..d4cce9c2 100644
--- a/ldap/servers/slapd/resourcelimit.c
+++ b/ldap/servers/slapd/resourcelimit.c
@@ -474,7 +474,7 @@ reslimit_update_from_entry( Slapi_Connection *conn, Slapi_Entry *e )
if ( slapi_valueset_next_value( vs, index, &v ) != -1 ) {
char ebuf[ BUFSIZ ];
slapi_log_error( SLAPI_LOG_FATAL, SLAPI_RESLIMIT_MODULE,
- "%s: ignoring multiple values for %s in entry \n",
+ "%s: ignoring multiple values for %s in entry %s\n",
fnname, reslimit_map[ i ].rlmap_at,
escape_string( slapi_entry_get_dn_const( e ),
ebuf ));
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index dc26e986..dd9bf3dd 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1696,7 +1696,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, unsigned long tag,
{
slapi_log_access( LDAP_DEBUG_STATS,
"conn=%d op=%d RESULT err=%d"
- " tag=%d nentries=%d etime=%s%s%s"
+ " tag=%lu nentries=%d etime=%s%s%s"
", SASL bind in progress\n",
op->o_connid,
op->o_opid,
@@ -1708,7 +1708,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, unsigned long tag,
{
slapi_log_access( LDAP_DEBUG_ARGS,
"conn=%s op=%d RESULT err=%d"
- " tag=%d nentries=%d etime=%s%s%s"
+ " tag=%lu nentries=%d etime=%s%s%s"
", SASL bind in progress\n",
LOG_INTERNAL_OP_CON_ID,
LOG_INTERNAL_OP_OP_ID,
@@ -1728,7 +1728,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, unsigned long tag,
{
slapi_log_access( LDAP_DEBUG_STATS,
"conn=%d op=%d RESULT err=%d"
- " tag=%d nentries=%d etime=%s%s%s"
+ " tag=%lu nentries=%d etime=%s%s%s"
" dn=\"%s\"\n",
op->o_connid,
op->o_opid,
@@ -1740,7 +1740,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, unsigned long tag,
{
slapi_log_access( LDAP_DEBUG_ARGS,
"conn=%s op=%d RESULT err=%d"
- " tag=%d nentries=%d etime=%s%s%s"
+ " tag=%lu nentries=%d etime=%s%s%s"
" dn=\"%s\"\n",
LOG_INTERNAL_OP_CON_ID,
LOG_INTERNAL_OP_OP_ID,
@@ -1754,7 +1754,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, unsigned long tag,
{
slapi_log_access( LDAP_DEBUG_STATS,
"conn=%d op=%d RESULT err=%d"
- " tag=%d nentries=%d etime=%s%s%s\n",
+ " tag=%lu nentries=%d etime=%s%s%s\n",
op->o_connid,
op->o_opid,
err, tag, nentries,
@@ -1765,7 +1765,7 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, unsigned long tag,
{
slapi_log_access( LDAP_DEBUG_ARGS,
"conn=%s op=%d RESULT err=%d"
- " tag=%d nentries=%d etime=%s%s%s\n",
+ " tag=%lu nentries=%d etime=%s%s%s\n",
LOG_INTERNAL_OP_CON_ID,
LOG_INTERNAL_OP_OP_ID,
err, tag, nentries,
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 6ce43a52..e3ca1685 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -151,7 +151,13 @@ static int schema_strcmp_array( char **sa1, char **sa2,
const char *ignorestr );
static PRBool schema_type_is_interesting( const char *type );
static void schema_create_errormsg( char *errorbuf, size_t errorbufsize,
- const char *prefix, const char *name, const char *fmt, ... );
+ const char *prefix, const char *name, const char *fmt, ... )
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 5, 6)));
+#else
+ ;
+#endif
+
/* Some utility functions for dealing with a dynamic buffer */
@@ -4066,7 +4072,7 @@ init_schema_dse(const char *configdir)
{
slapi_log_error(SLAPI_LOG_FATAL, "schema", "Could not add"
" attribute type \"objectClass\" to the schema: %s\n",
- errorbuf, 0, 0);
+ errorbuf);
}
rc = dse_read_file(pschemadse, &pb);
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 79041106..15ef187a 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -850,7 +850,12 @@ void slapi_ch_free_string( char **s );
struct berval* slapi_ch_bvdup(const struct berval*);
struct berval** slapi_ch_bvecdup(struct berval**);
void slapi_ch_bvfree(struct berval** v);
-char * slapi_ch_smprintf(const char *fmt, ...);
+char * slapi_ch_smprintf(const char *fmt, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 1, 2)));
+#else
+ ;
+#endif
/*
* syntax plugin routines
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index 9c9ce5c3..f666c260 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -1211,8 +1211,19 @@ struct _slapi_task {
int slapi_task_register_handler(const char *name, dseCallbackFn func);
void slapi_task_status_changed(Slapi_Task *task);
-void slapi_task_log_status(Slapi_Task *task, char *format, ...);
-void slapi_task_log_notice(Slapi_Task *task, char *format, ...);
+void slapi_task_log_status(Slapi_Task *task, char *format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)));
+#else
+ ;
+#endif
+
+void slapi_task_log_notice(Slapi_Task *task, char *format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)));
+#else
+ ;
+#endif
/* End of interface to support online tasks **********************************/
diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c
index 95b0982f..f4114c7c 100644
--- a/ldap/servers/slapd/tools/ldclt/ldclt.c
+++ b/ldap/servers/slapd/tools/ldclt/ldclt.c
@@ -3060,6 +3060,8 @@ main (
ldcltExit (EXIT_OTHER); /*JLS 25-08-00*/
ldcltExit (mctx.exitStatus); /*JLS 25-08-00*/
+
+ return mctx.exitStatus;
}
diff --git a/ldap/servers/slapd/tools/ldclt/repcheck.c b/ldap/servers/slapd/tools/ldclt/repcheck.c
index 6967e708..8851f7fe 100644
--- a/ldap/servers/slapd/tools/ldclt/repcheck.c
+++ b/ldap/servers/slapd/tools/ldclt/repcheck.c
@@ -111,6 +111,7 @@ main(int argc, char**argv)
char **tmp;
struct hostent *serveraddr;
struct sockaddr_in srvsaddr;
+ char *p;
while((i=getopt(argc,argv,"p:"))!=EOF){
switch(i){
@@ -125,7 +126,10 @@ main(int argc, char**argv)
maxop=npend=0;
pendops=(Optype*)malloc(sizeof(Optype)*20);
sigset(SIGPIPE,SIG_IGN);
- while(gets(logline)){
+ while(fgets(logline, sizeof(logline), stdin)){
+ if (p = strchr(logline, '\n')) {
+ *p = 0;
+ }
if(!connected){
if((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1){
perror(argv[0]);
diff --git a/ldap/servers/slapd/tools/ldclt/repslave.c b/ldap/servers/slapd/tools/ldclt/repslave.c
index 952d91a3..3e892f66 100644
--- a/ldap/servers/slapd/tools/ldclt/repslave.c
+++ b/ldap/servers/slapd/tools/ldclt/repslave.c
@@ -314,8 +314,11 @@ main(int argc, char**argv)
* Ignore SIGPIPE during write()
*/
sigset(SIGPIPE,SIG_IGN);
- while(gets(logline))
+ while(fgets(logline, sizeof(logline), stdin))
{
+ if (p = strchr(logline, '\n')) {
+ *p = 0;
+ }
if(log)
puts(logline);
for(tmp=ldap_ops,i=0;tmp[i];i++)
diff --git a/ldap/servers/slapd/tools/migratecred.c b/ldap/servers/slapd/tools/migratecred.c
index d898889a..b8543b0f 100644
--- a/ldap/servers/slapd/tools/migratecred.c
+++ b/ldap/servers/slapd/tools/migratecred.c
@@ -172,7 +172,8 @@ main( int argc, char **argv)
#endif
#endif
- sprintf(libpath, "%s/../lib/des-plugin%s", newpath, shared_lib);
+ snprintf(libpath, sizeof(libpath), "%s/../lib/des-plugin%s", newpath, shared_lib);
+ libpath[sizeof(libpath)-1] = 0;
fct = (migrate_fn_type)sym_load(libpath, "migrateCredentials",
"DES Plugin", 1 /* report errors */ );
diff --git a/ldap/servers/slapd/tools/pwenc.c b/ldap/servers/slapd/tools/pwenc.c
index 350f7111..c87e0f64 100644
--- a/ldap/servers/slapd/tools/pwenc.c
+++ b/ldap/servers/slapd/tools/pwenc.c
@@ -129,7 +129,7 @@ main( argc, argv )
struct pw_scheme *pwsp, *cmppwsp;
extern int optind;
char *cpwd = NULL; /* candidate password for comparison */
- char errorbuf[BUFSIZ];
+ char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
slapdFrontendConfig_t *slapdFrontendConfig = NULL;
char *opts = "Hs:c:D:";
generated by cgit (git 2.34.1) at 2024-06-28 10:16:58 +0000