From: Pierangelo Masarati <ando@openldap.org>
Date: Tue, 21 Aug 2007 10:52:16 +0000 (+0000)
Subject: fix or comment Calysto findings
X-Git-Tag: OPENLDAP_REL_ENG_2_4_MP~160
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=145e6fc1f82d627876022bbb6bcd4905e5784f1e;p=openldap

fix or comment Calysto findings
---

diff --git a/clients/tools/common.c b/clients/tools/common.c
index 78d8db7811..1c84ff2a5a 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1816,6 +1816,13 @@ void tool_print_ctrls(
 		char *str;
 		int j;
 
+		/* FIXME: there might be cases where a control has NULL OID;
+		 * this makes little sense, especially when returned by the
+		 * server, but libldap happily allows it */
+		if ( ctrls[i]->ldctl_oid == NULL ) {
+			continue;
+		}
+
 		len = ldif ? 2 : 0;
 		len += strlen( ctrls[i]->ldctl_oid );
 
@@ -1824,7 +1831,7 @@ void tool_print_ctrls(
 			? sizeof("true") : sizeof("false");
 
 		/* convert to base64 */
-		if ( ctrls[i]->ldctl_value.bv_len ) {
+		if ( !BER_BVISNULL( &ctrls[i]->ldctl_value ) ) {
 			b64.bv_len = LUTIL_BASE64_ENCODE_LEN(
 				ctrls[i]->ldctl_value.bv_len ) + 1;
 			b64.bv_val = ber_memalloc( b64.bv_len + 1 );
diff --git a/libraries/libldap/controls.c b/libraries/libldap/controls.c
index 51fde85a51..aa38040c3e 100644
--- a/libraries/libldap/controls.c
+++ b/libraries/libldap/controls.c
@@ -231,7 +231,7 @@ int ldap_pvt_get_controls(
 		if( tag == LBER_OCTETSTRING ) {
 			tag = ber_scanf( ber, "o", &tctrl->ldctl_value );
 		} else {
-			tctrl->ldctl_value.bv_val = NULL;
+			BER_BVZERO( &tctrl->ldctl_value );
 		}
 
 		*ctrls = tctrls;
@@ -350,6 +350,7 @@ ldap_control_dup( const LDAPControl *c )
 		}
 
 	} else {
+		/* FIXME: how can a control have null OID? */
 		new->ldctl_oid = NULL;
 	}
 
diff --git a/libraries/libldap/extended.c b/libraries/libldap/extended.c
index 644180de0e..5a6efda9f1 100644
--- a/libraries/libldap/extended.c
+++ b/libraries/libldap/extended.c
@@ -315,6 +315,7 @@ ldap_parse_intermediate (
 
 	if( retoidp != NULL ) *retoidp = NULL;
 	if( retdatap != NULL ) *retdatap = NULL;
+	if( serverctrls != NULL ) *serverctrls = NULL;
 
 	ber = ber_dup( res->lm_ber );
 
diff --git a/libraries/liblutil/ldif.c b/libraries/liblutil/ldif.c
index 2af75fb732..482a604d62 100644
--- a/libraries/liblutil/ldif.c
+++ b/libraries/liblutil/ldif.c
@@ -865,6 +865,9 @@ ldif_read_record(
 						fp2 = ldif_open_url( ptr );
 						if ( fp2 ) {
 							LDIFFP *lnew = ber_memalloc( sizeof( LDIFFP ));
+							if ( lnew == NULL ) {
+								return 0;
+							}
 							lnew->prev = lfp->prev;
 							lnew->fp = lfp->fp;
 							lfp->prev = lnew;
diff --git a/libraries/liblutil/sasl.c b/libraries/liblutil/sasl.c
index ffbd29846e..50b5a29ddc 100644
--- a/libraries/liblutil/sasl.c
+++ b/libraries/liblutil/sasl.c
@@ -49,6 +49,8 @@ lutil_sasl_freedefs(
 	void *defaults )
 {
 	lutilSASLdefaults *defs = defaults;
+
+	assert( defs != NULL );
 	
 	if (defs->mech) ber_memfree(defs->mech);
 	if (defs->realm) ber_memfree(defs->realm);
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index ebc51bdbd0..fd5e39b217 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1352,6 +1352,14 @@ retry_lock:;
 				li->li_acl_authcID.bv_val,
 				li->li_acl_passwd.bv_val,
 				NULL );
+		if ( defaults == NULL ) {
+			rs->sr_err = LDAP_OTHER;
+			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+			if ( sendok & LDAP_BACK_SENDERR ) {
+				send_ldap_result( op, rs );
+			}
+			goto done;
+		}
 
 		rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld,
 				li->li_acl_authcDN.bv_val,
@@ -2091,6 +2099,14 @@ ldap_back_proxy_authz_bind(
 				li->li_idassert_authcID.bv_val,
 				li->li_idassert_passwd.bv_val,
 				authzID.bv_val );
+		if ( defaults == NULL ) {
+			rs->sr_err = LDAP_OTHER;
+			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+			if ( sendok & LDAP_BACK_SENDERR ) {
+				send_ldap_result( op, rs );
+			}
+			goto done;
+		}
 
 		rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, binddn->bv_val,
 				li->li_idassert_sasl_mech.bv_val, NULL, NULL,
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index c1c02496e8..03e3ec204e 100644
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -1425,6 +1425,14 @@ meta_back_proxy_authz_cred(
 				mt->mt_idassert_authcID.bv_val,
 				mt->mt_idassert_passwd.bv_val,
 				authzID.bv_val );
+		if ( defaults == NULL ) {
+			rs->sr_err = LDAP_OTHER;
+			LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
+			if ( sendok & LDAP_BACK_SENDERR ) {
+				send_ldap_result( op, rs );
+			}
+			goto done;
+		}
 
 		rs->sr_err = ldap_sasl_interactive_bind_s( msc->msc_ld, binddn->bv_val,
 				mt->mt_idassert_sasl_mech.bv_val, NULL, NULL,
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index b99d8f0a19..d6655a78a0 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1584,6 +1584,10 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb )
 			sb->sb_authcId.bv_val,
 			sb->sb_cred.bv_val,
 			sb->sb_authzId.bv_val );
+		if ( defaults == NULL ) {
+			rc = LDAP_OTHER;
+			goto done;
+		}
 
 		rc = ldap_sasl_interactive_bind_s( ld,
 				sb->sb_binddn.bv_val,