From: Quanah Gibson-Mount Date: Tue, 2 Sep 2008 22:23:30 +0000 (+0000) Subject: ITS#5609 X-Git-Tag: OPENLDAP_REL_ENG_2_4_12~119 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=212a5374cb81c7bff00f56a7a569b12e81eb4083;p=openldap ITS#5609 --- diff --git a/CHANGES b/CHANGES index 1a7f00a1f2..4b86a70969 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,7 @@ OpenLDAP 2.4 Change Log OpenLDAP 2.4.12 Engineering + Fixed slapo-constraint string termination (ITS#5609) OpenLDAP 2.4.11 Release (2008/07/16) Fixed liblber ber_get_next length decoding (ITS#5580) diff --git a/doc/man/man5/slapo-constraint.5 b/doc/man/man5/slapo-constraint.5 index 1a60c0e244..2c6a059215 100644 --- a/doc/man/man5/slapo-constraint.5 +++ b/doc/man/man5/slapo-constraint.5 @@ -72,8 +72,7 @@ constraint_attribute title uri A specification like the above would reject any .B mail attribute which did not look like -.B -@mydomain.com +.BR "@mydomain.com" . It would also reject any .B title attribute whose values were not listed in the diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c index bb4d9504b1..09fae8e020 100644 --- a/servers/slapd/overlays/constraint.c +++ b/servers/slapd/overlays/constraint.c @@ -282,8 +282,16 @@ constraint_cf_gen( ConfigArgs *c ) if (ap.lud->lud_dn == NULL) ap.lud->lud_dn = ch_strdup(""); - if (ap.lud->lud_filter == NULL) + if (ap.lud->lud_filter == NULL) { ap.lud->lud_filter = ch_strdup("objectClass=*"); + } else if ( ap.lud->lud_filter[0] == '(' ) { + ber_len_t len = strlen( ap.lud->lud_filter ); + if ( ap.lud->lud_filter[len - 1] != ')' ) { + return( ARG_BAD_CONF ); + } + AC_MEMCPY( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 ); + ap.lud->lud_filter[len - 2] = '\0'; + } ber_str2bv( c->argv[3], 0, 1, &ap.val ); } else { @@ -427,6 +435,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op, SlapReply } *ptr++ = ')'; *ptr++ = ')'; + *ptr++ = '\0'; Debug(LDAP_DEBUG_TRACE, "==> constraint_violation uri filter = %s\n",