ITS#1716 is_entry_subentr/ies/y/

[openldap] / servers / slapd / dn.c

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 3ba5acff7ac4a8ffc05a68c02b35a626060c761d..450691d326a5c076b48dfc116a07b0e8f5f409b5 100644 (file)
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -132,11 +132,13 @@ dnValidate(
         * Schema-aware validate
         */
        rc = LDAPDN_validate( dn );
-       if ( rc == LDAP_SUCCESS ) {
-               ldap_dnfree( dn );
+       ldap_dnfree( dn );
+
+       if ( rc != LDAP_SUCCESS ) {
+               return LDAP_INVALID_SYNTAX;
        }
-       
-       return LDAP_INVALID_SYNTAX;
+
+       return LDAP_SUCCESS;
 }
 
 /*
@@ -240,6 +242,7 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
                for ( iAVA = 0; rdn[ 0 ][ iAVA ]; iAVA++ ) {
                        LDAPAVA                 *ava = rdn[ 0 ][ iAVA ];
                        AttributeDescription    *ad;
+                       slap_syntax_validate_func *validf = NULL;
                        slap_syntax_transform_func *transf = NULL;
                        MatchingRule *mr;
                        struct berval           bv = { 0, NULL };
@@ -266,17 +269,31 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
 
                        if( ava->la_flags & LDAP_AVA_BINARY ) {
                                /* AVA is binary encoded, don't muck with it */
+                               validf = NULL;
                                transf = NULL;
                                mr = NULL;
-
                        } else if( flags & SLAP_LDAPDN_PRETTY ) {
+                               validf = NULL;
                                transf = ad->ad_type->sat_syntax->ssyn_pretty;
                                mr = NULL;
                        } else {
+                               validf = ad->ad_type->sat_syntax->ssyn_validate;
                                transf = ad->ad_type->sat_syntax->ssyn_normalize;
                                mr = ad->ad_type->sat_equality;
                        }
 
+                       if ( validf ) {
+                               /* validate value before normalization */
+                               rc = ( *validf )( ad->ad_type->sat_syntax,
+                                       ava->la_value.bv_len
+                                               ? &ava->la_value
+                                               : (struct berval *) &slap_empty_bv );
+
+                               if ( rc != LDAP_SUCCESS ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
+                       }
+
                        if ( transf ) {
                                /*
                                 * transform value by normalize/pretty function
@@ -296,9 +313,10 @@ LDAPDN_rewrite( LDAPDN *dn, unsigned flags )
                        if( mr && ( mr->smr_usage & SLAP_MR_DN_FOLD ) ) {
                                char *s = bv.bv_val;
 
-                               ber_str2bv( UTF8normalize( bv.bv_val ? &bv
-                                       : &ava->la_value, LDAP_UTF8_CASEFOLD ),
-                                       0, 0, &bv );
+                               if ( UTF8bvnormalize( &bv, &bv, 
+                                               LDAP_UTF8_CASEFOLD ) == NULL ) {
+                                       return LDAP_INVALID_SYNTAX;
+                               }
                                free( s );
                        }
 
@@ -572,7 +590,8 @@ dnMatch(
        match = value->bv_len - asserted->bv_len;
 
        if ( match == 0 ) {
-               match = strcmp( value->bv_val, asserted->bv_val );
+               match = memcmp( value->bv_val, asserted->bv_val, 
+                               value->bv_len );
        }
 
 #ifdef NEW_LOGGING