ITS#3657 added missing check

diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c
index 3bbf08d54b5e5ea4516eaa95b5196ae01054c976..e5a60244399275e21da99c0fbf7df7b6c0a3ab38 100644 (file)
--- a/servers/slapd/back-bdb/modrdn.c
+++ b/servers/slapd/back-bdb/modrdn.c
@@ -403,8 +403,13 @@ retry:     /* transaction retry */
                        np_dn = op->oq_modrdn.rs_newSup;
                        np_ndn = op->oq_modrdn.rs_nnewSup;
 
-                       /* newSuperior == oldParent?, if so ==> ERROR */
+                       /* newSuperior == oldParent? - checked above */
                        /* newSuperior == entry being moved?, if so ==> ERROR */
+                       if ( dnIsSuffix( np_ndn, &e->e_nname )) {
+                               rs->sr_err = LDAP_NAMING_VIOLATION;
+                               rs->sr_text = "new superior is invalid";
+                               goto return_results;
+                       }
                        /* Get Entry with dn=newSuperior. Does newSuperior exist? */
 
                        rs->sr_err = bdb_dn2entry( op, ltid, np_ndn,