Fix access_allowed() error checking bug

[openldap] / servers / slapd / root_dse.c

diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c
index e814c5155d648a5768f3dc2c989f8224f6835483..86777acfaed502efc10f7f5c0f8de6033c158880 100644 (file)
--- a/servers/slapd/root_dse.c
+++ b/servers/slapd/root_dse.c
@@ -11,20 +11,25 @@
  */
 
 #include "portable.h"
+#include "slapi_common.h"
 
 #include <stdio.h>
 #include <ac/string.h>
 
 #include "slap.h"
+#include "slapi.h"
 #include <ldif.h>
 #include "lber_pvt.h"
+#include "slapi/slapi_utils.h"
+
+struct berval *ns_get_supported_extop (int);
 
 static struct berval supportedFeatures[] = {
-       BER_BVC("1.3.6.1.4.1.4203.1.5.1"), /* all Operational Attributes ("+") */
-       BER_BVC("1.3.6.1.4.1.4203.1.5.2"), /* OCs in Attributes List */
-       BER_BVC("1.3.6.1.4.1.4203.1.5.3"), /* (&) and (|) search filters */
-       BER_BVC("1.3.6.1.4.1.4203.1.5.4"), /* Language Tag Options */
-       BER_BVC("1.3.6.1.4.1.4203.1.5.5"), /* Language Range Options */
+       BER_BVC(LDAP_FEATURE_ALL_OPERATIONAL_ATTRS), /* all Operational Attributes ("+") */
+       BER_BVC(LDAP_FEATURE_OBJECTCLASS_ATTRS), /* OCs in Attributes List */
+       BER_BVC(LDAP_FEATURE_ABSOLUTE_FILTERS), /* (&) and (|) search filters */
+       BER_BVC(LDAP_FEATURE_LANGUAGE_TAG_OPTIONS), /* Language Tag Options */
+       BER_BVC(LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS), /* Language Range Options */
        {0,NULL}
 };
 
@@ -36,7 +41,6 @@ root_dse_info(
        Entry **entry,
        const char **text )
 {
-       char buf[BUFSIZ];
        Entry           *e;
        struct berval   vals[2], *bv;
        int             i, j;
@@ -65,7 +69,18 @@ root_dse_info(
 
        vals[1].bv_val = NULL;
 
-       e = (Entry *) ch_calloc( 1, sizeof(Entry) );
+       e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+
+       if( e == NULL ) {
+#ifdef NEW_LOGGING
+               LDAP_LOG( OPERATION, ERR,
+                       "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+#else
+               Debug( LDAP_DEBUG_ANY,
+                       "root_dse_info: SLAP_CALLOC failed", 0, 0, 0 );
+#endif
+               return LDAP_OTHER;
+       }
 
        e->e_attrs = NULL;
        e->e_name.bv_val = ch_strdup( LDAP_ROOT_DSE );
@@ -81,17 +96,21 @@ root_dse_info(
 
        vals[0].bv_val = "top";
        vals[0].bv_len = sizeof("top")-1;
-       attr_merge( e, ad_objectClass, vals );
+       if( attr_merge( e, ad_objectClass, vals ) )
+               return LDAP_OTHER;
 
        vals[0].bv_val = "OpenLDAProotDSE";
        vals[0].bv_len = sizeof("OpenLDAProotDSE")-1;
-       attr_merge( e, ad_objectClass, vals );
-       attr_merge( e, ad_structuralObjectClass, vals );
+       if( attr_merge( e, ad_objectClass, vals ) )
+               return LDAP_OTHER;
+       if( attr_merge( e, ad_structuralObjectClass, vals ) )
+               return LDAP_OTHER;
 
        for ( i = 0; i < nbackends; i++ ) {
                if ( backends[i].be_flags & SLAP_BFLAG_MONITOR ) {
                        vals[0] = backends[i].be_suffix[0];
-                       attr_merge( e, ad_monitorContext, vals );
+                       if( attr_merge( e, ad_monitorContext, vals ) )
+                               return LDAP_OTHER;
                        continue;
                }
                if ( backends[i].be_flags & SLAP_BFLAG_GLUE_SUBORDINATE ) {
@@ -99,7 +118,8 @@ root_dse_info(
                }
                for ( j = 0; backends[i].be_suffix[j].bv_val != NULL; j++ ) {
                        vals[0] = backends[i].be_suffix[j];
-                       attr_merge( e, ad_namingContexts, vals );
+                       if( attr_merge( e, ad_namingContexts, vals ) )
+                               return LDAP_OTHER;
                }
        }
 
@@ -108,30 +128,43 @@ root_dse_info(
        /* supportedControl */
        for ( i=0; (vals[0].bv_val = get_supported_ctrl(i)) != NULL; i++ ) {
                vals[0].bv_len = strlen( vals[0].bv_val );
-               attr_merge( e, ad_supportedControl, vals );
+               if( attr_merge( e, ad_supportedControl, vals ) )
+                       return LDAP_OTHER;
        }
 
        /* supportedExtension */
        for ( i=0; (bv = get_supported_extop(i)) != NULL; i++ ) {
+               vals[0] = *bv;
+               if( attr_merge( e, ad_supportedExtension, vals ) )
+                       return LDAP_OTHER;
+       }
+
+#if defined( LDAP_SLAPI )
+       /* netscape supportedExtension */
+       for ( i = 0; (bv = ns_get_supported_extop(i)) != NULL; i++ ) {
                vals[0] = *bv;
                attr_merge( e, ad_supportedExtension, vals );
        }
+#endif /* defined( LDAP_SLAPI ) */
 
        /* supportedFeatures */
-       attr_merge( e, ad_supportedFeatures, supportedFeatures );
+       if( attr_merge( e, ad_supportedFeatures, supportedFeatures ) )
+               return LDAP_OTHER;
 
        /* supportedLDAPVersion */
        for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) {
+               char buf[BUFSIZ];
                if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
                        ( i < LDAP_VERSION3 ) )
                {
                        /* version 2 and lower are disallowed */
                        continue;
                }
-               sprintf(buf,"%d",i);
+               snprintf(buf, sizeof buf, "%d", i);
                vals[0].bv_val = buf;
                vals[0].bv_len = strlen( vals[0].bv_val );
-               attr_merge( e, ad_supportedLDAPVersion, vals );
+               if( attr_merge( e, ad_supportedLDAPVersion, vals ) )
+                       return LDAP_OTHER;
        }
 
        /* supportedSASLMechanism */
@@ -141,19 +174,22 @@ root_dse_info(
                for ( i=0; supportedSASLMechanisms[i] != NULL; i++ ) {
                        vals[0].bv_val = supportedSASLMechanisms[i];
                        vals[0].bv_len = strlen( vals[0].bv_val );
-                       attr_merge( e, ad_supportedSASLMechanisms, vals );
+                       if( attr_merge( e, ad_supportedSASLMechanisms, vals ) )
+                               return LDAP_OTHER;
                }
-               charray_free( supportedSASLMechanisms );
+               ldap_charray_free( supportedSASLMechanisms );
        }
 
        if ( default_referral != NULL ) {
-               attr_merge( e, ad_ref, default_referral );
+               if( attr_merge( e, ad_ref, default_referral ) )
+                       return LDAP_OTHER;
        }
 
        if( usr_attr != NULL) {
                Attribute *a;
                for( a = usr_attr->e_attrs; a != NULL; a = a->a_next ) {
-                       attr_merge( e, a->a_desc, a->a_vals );
+                       if( attr_merge( e, a->a_desc, a->a_vals ) )
+                               return LDAP_OTHER;
                }
        }
 
@@ -181,7 +217,17 @@ int read_root_dse_file( const char *fname )
                return EXIT_FAILURE;
        }
 
-       usr_attr = (Entry *) ch_calloc( 1, sizeof(Entry) );
+       usr_attr = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+       if( usr_attr == NULL ) {
+#ifdef NEW_LOGGING
+               LDAP_LOG( OPERATION, ERR,
+                       "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+#else
+               Debug( LDAP_DEBUG_ANY,
+                       "read_root_dse_file: SLAP_CALLOC failed", 0, 0, 0 );
+#endif
+               return LDAP_OTHER;
+       }
        usr_attr->e_attrs = NULL;
 
        while( ldif_read_record( fp, &lineno, &buf, &lmax ) ) {
@@ -191,7 +237,6 @@ int read_root_dse_file( const char *fname )
                if( e == NULL ) {
                        fprintf( stderr, "root_dse: could not parse entry (line=%d)\n",
                                lineno );
-                       entry_free( e );
                        entry_free( usr_attr );
                        usr_attr = NULL;
                        return EXIT_FAILURE;
@@ -215,7 +260,8 @@ int read_root_dse_file( const char *fname )
                 */
 
                for(a = e->e_attrs; a != NULL; a = a->a_next) {
-                       attr_merge( usr_attr, a->a_desc, a->a_vals );
+                       if( attr_merge( usr_attr, a->a_desc, a->a_vals ) )
+                               return LDAP_OTHER;
                }
 
                entry_free( e );