From 19c62472381cf72bc7bd20694bbd672edde7f94f Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Wed, 1 Sep 2010 15:08:35 -0600
Subject: bug 614511 - fix coverity null reference - revert macro aci $dn logic

instead of changing the logic to catch matched_val == NULL, make the code
work like it does in earlier releases, but add an explicit check for
matched_val == NULL to avoid using it.
---
 ldap/servers/plugins/acl/acllas.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'ldap/servers')

diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index c510eb1e..a41487e3 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -4178,8 +4178,8 @@ acllas_replace_dn_macro( char *rule, char *matched_val, lasInfo *lasinfo) {
 		has_macro_levels = 1;
 	}
 
-	if ( !has_macro_dn ) { /* No $(dn) */
-
+	if ( (!has_macro_dn && !has_macro_levels) || !matched_val ) { /* No ($dn) and no [$dn] ... */
+		/* ... or no value to replace */
 		/*
 		 * No $dn thing, just return a list with two elements, rule and NULL.
 		 * charray_add will create the list and null terminate it.		
@@ -4194,9 +4194,11 @@ acllas_replace_dn_macro( char *rule, char *matched_val, lasInfo *lasinfo) {
 		 *
 		 * First, replace all occurrencers of ($dn) with the matched_val
 		 */
-		patched_rule =
+		if ( has_macro_dn) {
+			patched_rule =
 				acl_replace_str(rule, ACL_RULE_MACRO_DN_KEY, matched_val);
-		
+		}
+
 		/* If there are no [$dn] we're done */
 
 		if ( !has_macro_levels ) {			
-- 
cgit