benign buffer overflow fix (ITS#1964)

[openldap] / servers / slapd / schema_check.c

diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index a6b6b98acc2ebd2947f1abac5d167b9e7dc49ec3..0412bb4f2028bd2ebefec86835c42cca688d9a97 100644 (file)
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -113,7 +113,7 @@ entry_schema_check(
 #endif
 
                *text = "no structuralObjectClass operational attribute";
-               return LDAP_OBJECT_CLASS_VIOLATION;
+               return LDAP_OTHER;
        }
 
        assert( asc->a_vals != NULL );
@@ -152,7 +152,7 @@ entry_schema_check(
                        e->e_dn, textbuf, 0 );
 #endif
 
-               return LDAP_OBJECT_CLASS_VIOLATION;
+               return LDAP_OTHER;
        }
 
        /* find the object class attribute */
@@ -189,7 +189,7 @@ entry_schema_check(
 
        } else if ( sc != oc ) {
                snprintf( textbuf, textlen, 
-                       "structuralObjectClass modification from '%s' to '%s' not allowed",
+                       "structural object class modification from '%s' to '%s' not allowed",
                        asc->a_vals[0].bv_val, nsc.bv_val );
                return LDAP_NO_OBJECT_CLASS_MODS;
        }
@@ -548,9 +548,14 @@ int structural_class(
                return LDAP_OBJECT_CLASS_VIOLATION;
        }
 
+       if( scn < 0 ) {
+               *text = "invalid structural object class";
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
        *scbv = ocs[scn];
 
-       if( scbv->bv_len ) {
+       if( scbv->bv_len == 0 ) {
                *text = "invalid structural object class";
                return LDAP_OBJECT_CLASS_VIOLATION;
        }