ITS#8103 fix crash with more than 65535 aliases in a scope
[openldap] / servers / slapd / back-mdb / dn2id.c
index f54ab998e9ff6278b3aa3a93b2ca63ccbfe298bd..d1845f710910f9ddd6c3305365076cfb68febe96 100644 (file)
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2014 The OpenLDAP Foundation.
+ * Copyright 2000-2015 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -346,7 +346,7 @@ mdb_dn2id(
                cursor = mc;
        } else {
                rc = mdb_cursor_open( txn, dbi, &cursor );
-               if ( rc ) return rc;
+               if ( rc ) goto done;
        }
 
        for (;;) {
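Review bot: The new `goto done` on the mdb_cursor_open failure branch is only safe if the `done` label sits after whatever closes `cursor`, because on this path no cursor was opened and `cursor` may hold an indeterminate value. The label is outside the hunk, so this cannot be confirmed from here. The same replacement is made in mdb_dn2sups in the next hunk and needs the same check. A short comment at each label, such as `/* also reached when mdb_cursor_open failed: no cursor to close */`, would make the invariant explicit for later edits.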
@@ -470,7 +470,7 @@ mdb_dn2sups(
        key.mv_size = sizeof(ID);
 
        rc = mdb_cursor_open( txn, dbi, &cursor );
-       if ( rc ) return rc;
+       if ( rc ) goto done;
 
        for (;;) {
                key.mv_data = &pid;
@@ -664,6 +664,11 @@ mdb_idscope(
                        ptr += data.mv_size - sizeof(ID);
                        memcpy( &id, ptr, sizeof(ID) );
                        if ( id == base ) {
+                               if ( res[0] >= MDB_IDL_DB_SIZE-1 ) {
+                                       /* too many aliases in scope. Fallback to range */
+                                       MDB_IDL_RANGE( res, MDB_IDL_FIRST( ids ), MDB_IDL_LAST( ids ));
+                                       goto leave;
+                               }
                                res[0]++;
                                res[res[0]] = ida;
                                copy = 0;
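Review bot: The added overflow guard exits through `leave`, which bypasses the `ids[0] = idc` update that follows the loop, so `ids` is returned without its final count adjustment while `res` becomes a range built from `MDB_IDL_FIRST( ids )` and `MDB_IDL_LAST( ids )`. If that is intended, the comment should say so and should also state that the range over-approximates the matching IDs, e.g. `/* res is full: return a range spanning ids; it is a superset, so callers must still scope-check each candidate */`. The bound `res[0] >= MDB_IDL_DB_SIZE-1` assumes `res` holds MDB_IDL_DB_SIZE entries; that allocation is made by callers outside the hunk and is worth confirming. The enclosing loop starts and ends outside the hunk.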
@@ -685,6 +690,7 @@ mdb_idscope(
        if (!MDB_IDL_IS_RANGE( ids ))
                ids[0] = idc;
 
+leave:
        mdb_cursor_close( cursor );
        return rc;
 }
@@ -760,9 +766,12 @@ mdb_idscopes(
                if ( x <= isc->scopes[0].mid && isc->scopes[x].mid == id ) {
                        if ( !isc->scopes[x].mval.mv_data ) {
                                /* This node is in scope, add parent chain to scope */
-                               int i = isc->sctmp[0].mid;
-                               for ( i = 1; i <= isc->sctmp[0].mid; i++ )
-                                       mdb_id2l_insert( isc->scopes, &isc->sctmp[i] );
+                               int i;
+                               for ( i = 1; i <= isc->sctmp[0].mid; i++ ) {
+                                       rc = mdb_id2l_insert( isc->scopes, &isc->sctmp[i] );
+                                       if ( rc )
+                                               break;
+                               }
                                /* check id again since inserts may have changed its position */
                                if ( isc->scopes[x].mid != id )
                                        x = mdb_id2l_search( isc->scopes, id );
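Review bot: After the added `break`, the non-zero `rc` from mdb_id2l_insert is not acted on anywhere in the hunk: execution continues into the position re-check and `mdb_id2l_search` as if the whole parent chain had been inserted. If stopping early when the scope list is full is deliberate (presumably with mdb_idscopechk covering the IDs that did not fit), record that at the break, e.g. `/* scopes is full: stop adding parents, the remaining chain is checked by walking the tree */`; otherwise propagate `rc` to the caller. The rest of mdb_idscopes lies outside the hunk, so whether `rc` is examined later cannot be seen here.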
@@ -778,6 +787,53 @@ mdb_idscopes(
        return MDB_SUCCESS;
 }
 
+/* See if ID is a child of any of the scopes,
+ * return MDB_KEYEXIST if so.
+ */
+int
+mdb_idscopechk(
+       Operation *op,
+       IdScopes *isc )
+{
+       struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
+       MDB_val         key, data;
+       ID id, prev;
+       char    *ptr;
+       int             rc = 0;
+       unsigned int x;
+
+       key.mv_size = sizeof(ID);
+
+       if ( !isc->mc ) {
+               rc = mdb_cursor_open( isc->mt, mdb->mi_dn2id, &isc->mc );
+               if ( rc ) return rc;
+       }
+
+       id = isc->id;
+
+       while (id) {
+               if ( !rc ) {
+                       key.mv_data = &id;
+                       rc = mdb_cursor_get( isc->mc, &key, &data, MDB_SET );
+                       if ( rc )
+                               return rc;
+               }
+
+               ptr = data.mv_data;
+               ptr += data.mv_size - sizeof(ID);
+               prev = id;
+               memcpy( &id, ptr, sizeof(ID) );
+               /* If we didn't advance, some parent is missing */
+               if ( id == prev )
+                       return MDB_NOTFOUND;
+
+               x = mdb_id2l_search( isc->scopes, id );
+               if ( x <= isc->scopes[0].mid && isc->scopes[x].mid == id )
+                       return MDB_KEYEXIST;
+       }
+       return MDB_SUCCESS;
+}
+
 int
 mdb_dn2id_walk(
        Operation *op,
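Review bot: In mdb_idscopechk, `ptr += data.mv_size - sizeof(ID)` trusts the stored dn2id record to be at least sizeof(ID) bytes long; a check such as `if ( data.mv_size < sizeof(ID) ) return MDB_CORRUPTED;` before it would keep a damaged record from moving `ptr` outside the value before the memcpy. The `if ( !rc )` test around mdb_cursor_get is always true as written, since rc starts at 0 and every failure returns immediately, so it can be dropped or given a comment if it mirrors mdb_idscopes on purpose. The header comment should also say that a cursor opened into `isc->mc` is left open on return (presumably for the caller to close) and that MDB_NOTFOUND covers both a failed lookup and a broken parent chain.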