Fix strchrlen running past end of berval

[openldap] / servers / slapd / main.c

diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 119e24a9554d70cc8f1514a6e2fb5bd7b4804c8f..eb475f2f08dea9ba0bc131693688922a65fc86c0 100644 (file)
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -104,6 +104,7 @@ static int check = CHECK_NONE;
 static int version = 0;
 
 void *slap_tls_ctx;
+LDAP *slap_tls_ld;
 
 #ifdef LOG_LOCAL4
 #define DEFAULT_SYSLOG_USER    LOG_LOCAL4
@@ -114,8 +115,9 @@ slapd_opt_slp( const char *val, void *arg )
 {
 #ifdef HAVE_SLP
        /* NULL is default */
-       if ( val == NULL || strcasecmp( val, "on" ) == 0 ) {
+       if ( val == NULL || *val == '(' || strcasecmp( val, "on" ) == 0 ) {
                slapd_register_slp = 1;
+               slapd_slp_attrs = (val != NULL && *val == '(') ? val : NULL;
 
        } else if ( strcasecmp( val, "off" ) == 0 ) {
                slapd_register_slp = 0;
@@ -154,7 +156,7 @@ struct option_helper {
        void            *oh_arg;
        const char      *oh_usage;
 } option_helpers[] = {
-       { BER_BVC("slp"),       slapd_opt_slp,  NULL, "slp[={on|off}] enable/disable SLP" },
+       { BER_BVC("slp"),       slapd_opt_slp,  NULL, "slp[={on|off|(attrs)}] enable/disable SLP using (attrs)" },
        { BER_BVNULL, 0, NULL, NULL }
 };
 
@@ -706,6 +708,14 @@ unhandled_option:;
        lutil_passwd_init();
        slap_op_init();
 
+#ifdef HAVE_TLS
+       rc = ldap_create( &slap_tls_ld );
+       if ( rc ) {
+               SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+               goto destroy;
+       }
+#endif
+
        rc = slap_init( serverMode, serverName );
        if ( rc ) {
                SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
@@ -776,19 +786,13 @@ unhandled_option:;
        }
 
        {
-               void *def_ctx = NULL;
-
-               /* Save existing default ctx, if any */
-               ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
+               int opt = 1;
 
                /* Force new ctx to be created */
-               ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
-
-               rc = ldap_pvt_tls_init_def_ctx( 1 );
+               rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
                if( rc == 0 ) {
-                       ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
-                       /* Restore previous ctx */
-                       ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
+                       /* The ctx's refcount is bumped up here */
+                       ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
                        load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
                } else if ( rc != LDAP_NOT_SUPPORTED ) {
                        Debug( LDAP_DEBUG_ANY,
@@ -957,6 +961,13 @@ stop:
        lutil_passwd_destroy();
 
 #ifdef HAVE_TLS
+       /* Setting it to itself decreases refcount, allowing it to be freed
+        * when the LD is freed.
+        */
+       if ( slap_tls_ld ) {
+               ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx );
+               ldap_unbind( slap_tls_ld );
+       }
        ldap_pvt_tls_destroy();
 #endif