From: Howard Chu Date: Wed, 7 Nov 2007 04:58:07 +0000 (+0000) Subject: ITS#5146 better check for single val in modify X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~458 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8f56be2ce8c0e6a4b0f6f5e45b9d2d20a9274907;p=openldap ITS#5146 better check for single val in modify --- diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index e126598055..6b7668bf56 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -1559,8 +1559,6 @@ ppolicy_modify( Operation *op, SlapReply *rs ) if ((ml->sml_op == LDAP_MOD_ADD) || (ml->sml_op == LDAP_MOD_REPLACE)) { - addmod = ml; - /* FIXME: there's no easy way to ensure * that add does not cause multiple * userPassword values; one way (that @@ -1572,13 +1570,15 @@ ppolicy_modify( Operation *op, SlapReply *rs ) * Let's check at least that a single value * is being added */ - assert( addmod->sml_values != NULL ); - assert( !BER_BVISNULL( &addmod->sml_values[ 0 ] ) ); - if ( !BER_BVISNULL( &addmod->sml_values[ 1 ] ) ) { + assert( ml->sml_values != NULL ); + assert( !BER_BVISNULL( &ml->sml_values[ 0 ] ) ); + if ( !BER_BVISNULL( addmod || &ml->sml_values[ 1 ] ) ) { rs->sr_err = LDAP_CONSTRAINT_VIOLATION; rs->sr_text = "Password policy only allows one password value"; goto return_results; } + + addmod = ml; } } else if ( !is_at_operational( ml->sml_desc->ad_type ) ) {