summaryrefslogtreecommitdiffstats
path: root/ldap/servers/slapd/modify.c
diff options
context:
space:
mode:
Diffstat (limited to 'ldap/servers/slapd/modify.c')
-rw-r--r--ldap/servers/slapd/modify.c35
1 files changed, 31 insertions, 4 deletions
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 40646b2b..027bbefb 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -166,16 +166,43 @@ do_modify( Slapi_PBlock *pb )
*/
{
- if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR )
+ char *rawdn = NULL;
+ size_t dnlen = 0;
+ int rc = 0;
+ if ( ber_scanf( ber, "{a", &rawdn ) == LBER_ERROR )
{
LDAPDebug( LDAP_DEBUG_ANY,
"ber_scanf failed (op=Modify; params=DN)\n", 0, 0, 0 );
op_shared_log_error_access (pb, "MOD", "???", "decoding error");
- send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0,
- NULL );
- slapi_ch_free_string(&dn);
+ send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL );
+ slapi_ch_free_string(&rawdn);
return;
}
+ /* Check if we should be performing strict validation. */
+ if (config_get_dn_validate_strict()) {
+ /* check that the dn is formatted correctly */
+ rc = slapi_dn_syntax_check(pb, rawdn, 1);
+ if (rc) { /* syntax check failed */
+ op_shared_log_error_access(pb, "MOD", rawdn?rawdn:"",
+ "strict: invalid dn");
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX,
+ NULL, "invalid dn", 0, NULL);
+ slapi_ch_free((void **) &rawdn);
+ return;
+ }
+ }
+ rc = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
+ if (rc < 0) {
+ op_shared_log_error_access(pb, "MOD", "???", "invalid dn");
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX,
+ NULL, "invalid dn", 0, NULL);
+ slapi_ch_free((void **) &rawdn);
+ return;
+ } else if (rc > 0) { /* if rc == 0, rawdn is passed in */
+ slapi_ch_free_string(&rawdn);
+ } else { /* rc == 0; rawdn is passed in; not null terminated */
+ *(dn + dnlen) = '\0';
+ }
}
LDAPDebug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 );
generated by cgit (git 2.34.1) at 2024-06-23 04:18:51 +0000