From 4a6bc648b66cf84b5dc9038ed404a6c4a4d9492b Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Sat, 9 Feb 2008 01:11:44 +0000
Subject: [PATCH] ITS#5264

---
 CHANGES                   | 1 +
 servers/slapd/saslauthz.c | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 34c50b9474..26f9b590c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,7 @@ OpenLDAP 2.4.8 Engineering
 	Fixed slapd include handling (ITS#5276)
 	Fixed slapd non-atomic signal variables (ITS#5248)
 	Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
+	Fixed slapd NULL printf (ITS#5264)
 	Added slapd-bdb/slapd-hdb DB encryption (ITS#5359)
 	Fixed slapd-ldif delete (ITS#5265)
 	Added slapo-autogroup contrib module (ITS#5145)
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 135c242fe5..e5c508fa33 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -1665,7 +1665,7 @@ slap_sasl_match( Operation *opx, struct berval *rule,
 
 	Debug( LDAP_DEBUG_TRACE,
 	   "===>slap_sasl_match: comparing DN %s to rule %s\n",
-		assertDN->bv_val, rule->bv_val, 0 );
+		assertDN->bv_len ? assertDN->bv_val : "(null)", rule->bv_val, 0 );
 
 	/* NOTE: don't normalize rule if authz syntax is enabled */
 	rc = slap_parseURI( opx, rule, &base, &op.o_req_ndn,
@@ -2038,11 +2038,16 @@ int slap_sasl_authorized( Operation *op,
 	int rc = LDAP_INAPPROPRIATE_AUTH;
 
 	/* User binding as anonymous */
-	if ( authzDN == NULL ) {
+	if ( !authzDN || !authzDN->bv_len || !authzDN->bv_val ) {
 		rc = LDAP_SUCCESS;
 		goto DONE;
 	}
 
+	/* User is anonymous */
+	if ( !authcDN || !authcDN->bv_len || !authcDN->bv_val ) {
+		goto DONE;
+	}
+
 	Debug( LDAP_DEBUG_TRACE,
 	   "==>slap_sasl_authorized: can %s become %s?\n",
 		authcDN->bv_len ? authcDN->bv_val : "(null)",
-- 
2.39.5