ldap/servers/plugins/acl/acleffectiverights.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
New commits:
commit 82625ebf670c0f234e8bcbf18420e84b325e359e
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Jun 14 20:25:18 2010 -0600
Bug 603942 - null deref in _ger_parse_control() for subjectdn
https://bugzilla.redhat.com/show_bug.cgi?id=603942
Resolves: bug 603942
Bug Description: null deref in _ger_parse_control() for subjectdn
Reviewed by: nkinder (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig.
Also,check for NULL before doing strlen(orig).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c
b/ldap/servers/plugins/acl/acleffectiverights.c
index acf856c..013c088 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -244,7 +244,7 @@ _ger_parse_control (
return LDAP_OPERATIONS_ERROR;
}
/* "a" means to allocate storage as needed for octet string */
- if ( ber_scanf (ber, "a", orig) == LBER_ERROR )
+ if ( ber_scanf (ber, "a", &orig) == LBER_ERROR )
{
aclutil_str_append ( errbuf, "get-effective-rights: invalid ber tag in the
subject" );
slapi_log_error (SLAPI_LOG_FATAL, plugin_name, "%s\n", *errbuf );
@@ -259,7 +259,7 @@ _ger_parse_control (
* (see section 9 of RFC 2829) only. It also only supports the "dnAuthzId"
* flavor, which looks like "dn:<DN>" where null <DN> is for
anonymous.
*/
- subjectndnlen = strlen(orig);
+ subjectndnlen = orig ? strlen(orig) : 0;
if ( NULL == orig || subjectndnlen < 3 || strncasecmp ( "dn:", orig, 3 ) !=
0 )
{
aclutil_str_append ( errbuf, "get-effective-rights: subject is not dnAuthzId"
);