X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_check.c;h=0412bb4f2028bd2ebefec86835c42cca688d9a97;hb=b4e1ea15f3081a065318f5ee99336494c8765bca;hp=7d74b8e8448a72b612255b7207e3455d60444af2;hpb=3a15afa057a49bceed50d87ce09e015ca166f743;p=openldap

diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index 7d74b8e844..0412bb4f20 100644
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -99,7 +99,7 @@ entry_schema_check(
 	/* it's a REALLY bad idea to disable schema checks */
 	if( !global_schemacheck ) return LDAP_SUCCESS;
 
-	/* find the object class attribute - could error out here */
+	/* find the structural object class attribute */
 	asc = attr_find( e->e_attrs, ad_structuralObjectClass );
 	if ( asc == NULL ) {
 #ifdef NEW_LOGGING
@@ -113,7 +113,7 @@ entry_schema_check(
 #endif
 
 		*text = "no structuralObjectClass operational attribute";
-		return LDAP_OBJECT_CLASS_VIOLATION;
+		return LDAP_OTHER;
 	}
 
 	assert( asc->a_vals != NULL );
@@ -152,7 +152,7 @@ entry_schema_check(
 			e->e_dn, textbuf, 0 );
 #endif
 
-		return LDAP_OBJECT_CLASS_VIOLATION;
+		return LDAP_OTHER;
 	}
 
 	/* find the object class attribute */
@@ -177,8 +177,6 @@ entry_schema_check(
 	rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen );
 	if( rc != LDAP_SUCCESS ) {
 		return rc;
-	} else if ( nsc.bv_len == 0 ) {
-		return LDAP_OBJECT_CLASS_VIOLATION;
 	}
 
 	*text = textbuf;
@@ -191,7 +189,7 @@ entry_schema_check(
 
 	} else if ( sc != oc ) {
 		snprintf( textbuf, textlen, 
-			"structuralObjectClass modification from '%s' to '%s' not allowed",
+			"structural object class modification from '%s' to '%s' not allowed",
 			asc->a_vals[0].bv_val, nsc.bv_val );
 		return LDAP_NO_OBJECT_CLASS_MODS;
 	}
@@ -541,15 +539,27 @@ int structural_class(
 		}
 	}
 
-	if( scp )
+	if( scp ) {
 		*scp = sc;
+	}
 
 	if( sc == NULL ) {
 		*text = "no structural object classes provided";
 		return LDAP_OBJECT_CLASS_VIOLATION;
 	}
 
+	if( scn < 0 ) {
+		*text = "invalid structural object class";
+		return LDAP_OBJECT_CLASS_VIOLATION;
+	}
+
 	*scbv = ocs[scn];
+
+	if( scbv->bv_len == 0 ) {
+		*text = "invalid structural object class";
+		return LDAP_OBJECT_CLASS_VIOLATION;
+	}
+
 	return LDAP_SUCCESS;
 }