1 files changed, 29 insertions, 2 deletions

diff --git a/ldap/servers/slapd/delete.c b/ldap/servers/slapd/delete.c
index c17b669a..3a80eeba 100644
--- a/ldap/servers/slapd/delete.c
+++ b/ldap/servers/slapd/delete.c
@@ -71,8 +71,10 @@ do_delete( Slapi_PBlock *pb )
 {
 	Slapi_Operation *operation;
 	BerElement	*ber;
+	char	    *rawdn = NULL;
 	char	    *dn = NULL;
-	int			err;
+	size_t		dnlen = 0;
+	int			err = 0;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
 	
@@ -88,7 +90,7 @@ do_delete( Slapi_PBlock *pb )
 	 *	DelRequest := DistinguishedName
 	 */
 
-	if ( ber_scanf( pb->pb_op->o_ber, "a", &dn ) == LBER_ERROR ) {
+	if ( ber_scanf( pb->pb_op->o_ber, "a", &rawdn ) == LBER_ERROR ) {
 		LDAPDebug( LDAP_DEBUG_ANY,
 		    "ber_scanf failed (op=Delete; params=DN)\n", 0, 0, 0 );
 		op_shared_log_error_access (pb, "DEL", "???", "decoding error");
@@ -96,6 +98,31 @@ do_delete( Slapi_PBlock *pb )
 		    NULL );
 		goto free_and_return;
 	}
+	/* Check if we should be performing strict validation. */
+	if (config_get_dn_validate_strict()) {
+		/* check that the dn is formatted correctly */
+		err = slapi_dn_syntax_check(pb, rawdn, 1);
+		if (err) { /* syntax check failed */
+			op_shared_log_error_access(pb, "DEL", rawdn?rawdn:"",
+							"strict: invalid dn");
+			send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
+							 NULL, "invalid dn", 0, NULL);
+			slapi_ch_free_string(&rawdn);
+			goto free_and_return;
+		}
+	}
+	err = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
+	if (err < 0) {
+		op_shared_log_error_access(pb, "DEL", "???", "invalid dn");
+		send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, 
+						 NULL, "invalid dn", 0, NULL);
+		slapi_ch_free_string(&rawdn);
+		goto free_and_return;
+	} else if (err > 0) { /* if err == 0, rawdn is passed in */
+		slapi_ch_free_string(&rawdn);
+	} else { /* err == 0; rawdn is passed in; not null terminated */
+		*(dn + dnlen) = '\0';
+	}
 
 	/*
 	 * in LDAPv3 there can be optional control extensions on