authorRich Megginson <rmeggins@redhat.com>2007-10-18 22:25:14 +0000
committerRich Megginson <rmeggins@redhat.com>2007-10-18 22:25:14 +0000
commitd81e2fa8e34a5b8d0ceb9d35e106ba1b1cc66496 (patch)
tree5224ff818b185420e4fa6bc655e4684ba011adbb /ldap
parent0679cf419684a327572289ee381411ea4db92166 (diff)
Resolves: bug 297221
Bug Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash Reviewed by: nhosoi (Thanks!) Fix Description: The problem was that we were not checking the return value of slapi_str2filter(). I added a check at the crash site, and it will now print out a helpful error message. I did a search through the code looking for other similar places and found a couple. I added similar code in those places. I added an initialization of a buffer to null, as suggested by nhosoi. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
Diffstat (limited to 'ldap')
-rw-r--r--ldap/servers/plugins/acl/acllas.c8
-rw-r--r--ldap/servers/plugins/dna/dna.c8
-rw-r--r--ldap/servers/plugins/statechange/statechange.c12
-rw-r--r--ldap/servers/slapd/index_subsystem.c2
4 files changed, 27 insertions, 3 deletions
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index e017c581..8eedc998 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -3027,6 +3027,14 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
/* Convert the filter string */
f = slapi_str2filter ( ludp->lud_filter );
+ if (f == NULL) { /* bogus filter */
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
+ "DS_LASUserAttrEval: The member URL search filter in entry [%s] is not valid: [%s]\n",
+ n_clientdn, ludp->lud_filter);
+ ldap_free_urldesc( ludp );
+ return ACL_FALSE;
+ }
+
rc = ACL_TRUE;
if (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock,
aclpb->aclpb_client_entry, f, 0 /* no acces chk */ ))
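Review bot: The new log message labels its values in a way that may send an administrator to the wrong place. It is prefixed `DS_LASUserAttrEval` although the hunk header puts it in `acllas__client_match_URL`, and `in entry [%s]` is filled with `n_clientdn`, which by its name is the client being matched rather than the entry that holds the member URL. Returning `ACL_FALSE` on an unparsable filter fails closed, which is the right default for an access decision. I would name the real function and log the URL itself, e.g. `"acllas__client_match_URL: invalid search filter [%s] in member URL [%s] (client [%s])\n"` with `ludp->lud_filter, url, n_clientdn`, assuming the `url` parameter visible in the header is the unparsed string. The function starts and ends outside the hunk, so whether anything else needs releasing before this early return cannot be checked here.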
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index 2541bdf8..eff85cce 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -512,7 +512,12 @@ static int parseConfigEntry(Slapi_Entry *e)
value = slapi_entry_attr_get_charptr(e, DNA_FILTER);
if (value) {
- entry->filter = slapi_str2filter(value);
+ if (NULL == (entry->filter = slapi_str2filter(value))) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM ,
+ "Error: Invalid search filter in entry [%s]: [%s]\n",
+ entry->dn, value);
+ goto bail;
+ }
}
else
goto bail;
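Review bot: The added `goto bail` on a filter that fails to parse may leak `value`. `slapi_entry_attr_get_charptr()` hands back a copy that the caller must free, and the jump skips whatever free follows this block unless the `bail` label releases it. Both the lines after the block and `bail` are outside the hunk, so this needs confirming against the full function. If `bail` does not free it, add `slapi_ch_free_string(&value);` immediately before the new `goto bail;`.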
@@ -1170,6 +1175,7 @@ void dnaDumpConfigEntry(configEntry *entry)
printf("<---- prefix ---------> %s\n", entry->prefix);
printf("<---- next value -----> %lu\n", entry->nextval);
printf("<---- interval -------> %lu\n", entry->interval);
+ buffer[0] = '\0';
printf("<---- filter ---------> %s\n",
slapi_filter_to_string_internal((const struct slapi_filter *)entry->filter, buffer, &bufsiz));
printf("<---- generate flag --> %s\n", entry->generate);
diff --git a/ldap/servers/plugins/statechange/statechange.c b/ldap/servers/plugins/statechange/statechange.c
index 9bc1db91..e2e1ca50 100644
--- a/ldap/servers/plugins/statechange/statechange.c
+++ b/ldap/servers/plugins/statechange/statechange.c
@@ -331,7 +331,17 @@ static int _statechange_register(char *caller_id, char *dn, char *filter, void *
item->dn = 0;
item->filter = slapi_ch_strdup(filter);
item->caller_data = caller_data;
- item->realfilter = slapi_str2filter(writable_filter);
+ if (NULL == (item->realfilter = slapi_str2filter(writable_filter))) {
+ slapi_log_error(SLAPI_LOG_FATAL, SCN_PLUGIN_SUBSYSTEM,
+ "Error: invalid filter in statechange entry [%s]: [%s]\n",
+ dn, filter);
+ slapi_ch_free_string(&item->caller_id);
+ slapi_ch_free_string(&item->dn);
+ slapi_ch_free_string(&item->filter);
+ slapi_ch_free_string(&writable_filter);
+ slapi_ch_free((void **)&item);
+ return -1;
+ }
item->func = func;
slapi_lock_mutex(buffer_lock);
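Review bot: `_statechange_register` gains a new failure result here, `return -1` for a filter that does not parse, and nothing in the hunk tells the plugins that call it. A comment above the function such as `/* returns -1 if filter cannot be parsed; nothing is registered and caller_data is not retained */` would make the contract explicit, so callers do not assume notifications are in place. Separately, the context line `item->dn = 0;` suggests `dn` can be NULL on some path, in which case the message prints it through `%s`; `dn ? dn : "(none)"` would keep the log line meaningful. The function starts and ends outside the hunk, so the allocation of `writable_filter` and the success-path cleanup are not visible.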
diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
index a1e05156..a0b16b0f 100644
--- a/ldap/servers/slapd/index_subsystem.c
+++ b/ldap/servers/slapd/index_subsystem.c
@@ -1030,7 +1030,7 @@ int slapi_index_register_index(char *plugin_id, indexed_item *registration_item,
Slapi_Filter *tmp_f = slapi_str2filter(registration_item->index_filter);
Slapi_Backend *be;
- if(!theCache)
+ if(!theCache || !tmp_f)
return -1;
index_subsys_write_lock();
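Review bot: When `theCache` is NULL but the filter parsed, the combined test `if(!theCache || !tmp_f)` returns with `tmp_f` still allocated, so the parsed filter is leaked on that path. Unlike the three plugin call sites in this commit, this one also rejects a bad `index_filter` silently, which leaves no trace of why registration failed. I would release the filter and log before returning, e.g. `if (tmp_f) slapi_filter_free(tmp_f, 1);` ahead of the `return -1;`, plus a `slapi_log_error` call naming `plugin_id` and `registration_item->index_filter` when `tmp_f` is NULL. The rest of the function is outside the hunk, so ownership of `tmp_f` on the success path is not visible here.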