benign buffer overflow fix (ITS#1964)
[openldap] / servers / slapd / schema_check.c
index a92d44214bff8dd56a5fa6b4c2d44187330bc1b1..0412bb4f2028bd2ebefec86835c42cca688d9a97 100644 (file)
@@ -99,7 +99,7 @@ entry_schema_check(
        /* it's a REALLY bad idea to disable schema checks */
        if( !global_schemacheck ) return LDAP_SUCCESS;
 
-       /* find the object class attribute - could error out here */
+       /* find the structural object class attribute */
        asc = attr_find( e->e_attrs, ad_structuralObjectClass );
        if ( asc == NULL ) {
 #ifdef NEW_LOGGING
@@ -113,7 +113,7 @@ entry_schema_check(
 #endif
 
                *text = "no structuralObjectClass operational attribute";
-               return LDAP_OBJECT_CLASS_VIOLATION;
+               return LDAP_OTHER;
        }
 
        assert( asc->a_vals != NULL );
@@ -152,7 +152,7 @@ entry_schema_check(
                        e->e_dn, textbuf, 0 );
 #endif
 
-               return LDAP_OBJECT_CLASS_VIOLATION;
+               return LDAP_OTHER;
        }
 
        /* find the object class attribute */
@@ -177,8 +177,6 @@ entry_schema_check(
        rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen );
        if( rc != LDAP_SUCCESS ) {
                return rc;
-       } else if ( nsc.bv_len == 0 ) {
-               return LDAP_OBJECT_CLASS_VIOLATION;
        }
 
        *text = textbuf;
@@ -191,7 +189,7 @@ entry_schema_check(
 
        } else if ( sc != oc ) {
                snprintf( textbuf, textlen, 
-                       "structuralObjectClass modification from '%s' to '%s' not allowed",
+                       "structural object class modification from '%s' to '%s' not allowed",
                        asc->a_vals[0].bv_val, nsc.bv_val );
                return LDAP_NO_OBJECT_CLASS_MODS;
        }
@@ -260,10 +258,9 @@ entry_schema_check(
                                                if ( xc->soc_kind == LDAP_SCHEMA_AUXILIARY &&
                                                        is_object_subclass( oc, xc ) )
                                                {
-                                                       break;;
+                                                       xc = NULL;
+                                                       break;
                                                }
-
-                                               xc = NULL;
                                        }
                                }
 
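Review bot: The relocated `xc = NULL;` in front of the `break` makes `xc` serve two purposes, the class just looked up and a "matching auxiliary class found" flag, and nothing in the hunk documents that. The code that reads the flag sits after the loop, outside this hunk, so the meaning of NULL has to be confirmed there. Assuming the post-loop test treats non-NULL as failure, I would annotate the line: `xc = NULL; /* covering auxiliary class found; non-NULL after the loop means none was */`. It is also worth checking what `xc` holds when the loop examines no other value, since its initial value is declared outside the hunk.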
@@ -542,15 +539,27 @@ int structural_class(
                }
        }
 
-       if( scp )
+       if( scp ) {
                *scp = sc;
+       }
 
        if( sc == NULL ) {
                *text = "no structural object classes provided";
                return LDAP_OBJECT_CLASS_VIOLATION;
        }
 
+       if( scn < 0 ) {
+               *text = "invalid structural object class";
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
        *scbv = ocs[scn];
+
+       if( scbv->bv_len == 0 ) {
+               *text = "invalid structural object class";
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
        return LDAP_SUCCESS;
 }
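Review bot: The new `scn < 0` guard before `*scbv = ocs[scn];` is the bounds check this commit is about, but nothing records when `sc` can be non-NULL while `scn` is still negative. The assignments are above the hunk, so after confirming the invariant there I would add a comment such as `/* scn should be set whenever sc is; guard the index anyway so ocs[] is never read at a negative offset */`. `*scp = sc` is stored before either new check runs, so on both new failure paths the caller gets a class pointer alongside an error, and on the `scn < 0` path `*scbv` is left unwritten; callers must test the return code before reading either output. The two new paths also share the text "invalid structural object class", so they cannot be told apart in a log or client error; distinct strings would help diagnosis. structural_class begins outside the hunk.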