Fix crashes for SASL/EXTERNAL binds:

  in slap_sasl_getdn, test id, not dn. dn is still NULL
  also, don't check for trailing slash
  in slap_sasl_bind, initialize reslen to 0

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 29a83f5adab5134da34332cf57fc6e306f1be80a..3bcc33b738ef848256bfc85b151b1f5dd75b55c1 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -112,7 +112,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
        if( flags & FLAG_GETDN_AUTHCID ) {
                if( sasl_external_x509dn_convert && conn->c_sasl_bind_mech
                        && ( strcasecmp( "EXTERNAL", conn->c_sasl_bind_mech ) == 0 ) 
-                       && len && dn[0] == '/' && dn[len-1]== '/' )
+                       && len && id[0] == '/' /* && id[len-1]== '/' */)
                {
                        /* check SASL external for X.509 style DN and */
                        /* convert to dn:<dn> form */
@@ -611,7 +611,7 @@ int slap_sasl_bind(
 #ifdef HAVE_CYRUS_SASL
        sasl_conn_t *ctx = conn->c_sasl_context;
        struct berval response;
-       unsigned reslen;
+       unsigned reslen = 0;
        const char *errstr;
        int sc;