NO-OP must be critical and apply to selected operations (ITS#5758)

author Pierangelo Masarati <ando@openldap.org>

Mon, 20 Oct 2008 23:16:40 +0000 (23:16 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Mon, 20 Oct 2008 23:16:40 +0000 (23:16 +0000)
author Pierangelo Masarati <ando@openldap.org>
Mon, 20 Oct 2008 23:16:40 +0000 (23:16 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Mon, 20 Oct 2008 23:16:40 +0000 (23:16 +0000)
diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c

index f2efdd1696255630eafbd4a0be30816e87d2c683..05aa30e284287a5c4dd413b3ce43d47c4c5108ed 100644 (file)
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -1038,6 +1038,26 @@ static int parseNoOp (
                 return LDAP_PROTOCOL_ERROR;
         }
  
+       if ( !ctrl->ldctl_iscritical ) {
+               rs->sr_text = "noop control not critical";
+               return LDAP_PROTOCOL_ERROR;
+       }
+
+       switch ( op->o_tag ) {
+       case LDAP_REQ_ADD:
+       case LDAP_REQ_MODIFY:
+       case LDAP_REQ_RENAME:
+       case LDAP_REQ_DELETE:
+       /* NOTE: only selected extended operations should be eligible;
+        * checking is delegated to the appropriate handlers */
+       case LDAP_REQ_EXTENDED:
+               break;
+
+       default:
+               rs->sr_text = "noop control on non-allowed operation";
+               return LDAP_PROTOCOL_ERROR;
+       }
+
         op->o_noop = ctrl->ldctl_iscritical
                 ? SLAP_CONTROL_CRITICAL
                 : SLAP_CONTROL_NONCRITICAL;
author	Pierangelo Masarati <ando@openldap.org>
	Mon, 20 Oct 2008 23:16:40 +0000 (23:16 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Mon, 20 Oct 2008 23:16:40 +0000 (23:16 +0000)