X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fdn.c;h=cb4c6951655718bf4b97b278512bea16fa2ec61b;hb=d9edc7d5afd2860fac2fa0121044db28d94c9f7f;hp=35051299e6792272665f81ee669cfb5b1a6df6e3;hpb=5c2b116798fb6860b21edaebb7588e790966acba;p=openldap

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 35051299e6..cb4c695165 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Copyright 1998-2011 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
 		ava->la_attr = ad->ad_cname;
 
 		if( ava->la_flags & LDAP_AVA_BINARY ) {
-			if( ava->la_value.bv_len == 0 ) {
-				/* BER encoding is empty */
-				return LDAP_INVALID_SYNTAX;
-			}
+			/* AVA is binary encoded, not supported */
+			return LDAP_INVALID_SYNTAX;
 
 			/* Do not allow X-ORDERED 'VALUES' naming attributes */
 		} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
 			return LDAP_INVALID_SYNTAX;
 
-			/* AVA is binary encoded, don't muck with it */
 		} else if( flags & SLAP_LDAPDN_PRETTY ) {
 			transf = ad->ad_type->sat_syntax->ssyn_pretty;
 			if( !transf ) {
@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
 			ava->la_value = bv;
 			ava->la_flags |= LDAP_AVA_FREE_VALUE;
 		}
+		/* reject empty values */
+		if (!ava->la_value.bv_len) {
+			return LDAP_INVALID_SYNTAX;
+		}
 	}
 	rc = LDAP_SUCCESS;
 
@@ -702,11 +703,10 @@ dnPrettyNormal(
 	struct berval *normal,
 	void *ctx)
 {
-	Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
-
 	assert( val != NULL );
 	assert( pretty != NULL );
 	assert( normal != NULL );
+	Debug( LDAP_DEBUG_TRACE, ">>> dnPrettyNormal: <%s>\n", val->bv_val ? val->bv_val : "", 0, 0 );
 
 	if ( val->bv_len == 0 ) {
 		ber_dupbv_x( pretty, val, ctx );
@@ -964,8 +964,8 @@ dnParent(
 
 	/* one-level dn */
 	if ( p == NULL ) {
-		pdn->bv_len = 0;
 		pdn->bv_val = dn->bv_val + dn->bv_len;
+		pdn->bv_len = 0;
 		return;
 	}
 
@@ -1168,11 +1168,13 @@ dnIsSuffix(
 	const struct berval *dn,
 	const struct berval *suffix )
 {
-	int	d = dn->bv_len - suffix->bv_len;
+	int	d;
 
 	assert( dn != NULL );
 	assert( suffix != NULL );
 
+	d = dn->bv_len - suffix->bv_len;
+
 	/* empty suffix matches any dn */
 	if ( suffix->bv_len == 0 ) {
 		return 1;
@@ -1194,7 +1196,7 @@ dnIsSuffix(
 	}
 
 	/* compare */
-	return( strcmp( dn->bv_val + d, suffix->bv_val ) == 0 );
+	return( strncmp( dn->bv_val + d, suffix->bv_val, suffix->bv_len ) == 0 );
 }
 
 /*