From 004540b360c384c2ea6fcd47a07eec5d211182a7 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 7 Jun 2010 00:02:32 +0000
Subject: [PATCH] ITS#6570 part #1 (again), reject RDNs with binary BER values

---
 servers/slapd/dn.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 5b1adbf6da..6383a7b2bf 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
 		ava->la_attr = ad->ad_cname;
 
 		if( ava->la_flags & LDAP_AVA_BINARY ) {
-			if( ava->la_value.bv_len == 0 ) {
-				/* BER encoding is empty */
-				return LDAP_INVALID_SYNTAX;
-			}
+			/* AVA is binary encoded, not supported */
+			return LDAP_INVALID_SYNTAX;
 
 			/* Do not allow X-ORDERED 'VALUES' naming attributes */
 		} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
 			return LDAP_INVALID_SYNTAX;
 
-			/* AVA is binary encoded, don't muck with it */
 		} else if( flags & SLAP_LDAPDN_PRETTY ) {
 			transf = ad->ad_type->sat_syntax->ssyn_pretty;
 			if( !transf ) {
-- 
2.39.5